• 1.55K Posts
  • 4.22K Comments
Joined 3 years ago
Cake day: June 8th, 2023

  • I’m not entirely sure I agree; I think the issue is with default settings.

    Like you could use both yay and paru to diff the PKGBUILD of the most recent update and then read it, and then approve each. And I think that’s pretty helpful. But you could also just blindly accept the update with the right config or flag, and that is not a good practice.




  • Good question, I guess I might be using the wrong word when I say “orphan”, because I see the Arch Wiki uses that term differently:

    Orphans are packages that were installed as a dependency and are no longer required by any package.

    https://wiki.archlinux.org/title/Pacman/Tips_and_tricks

    You can remove these manually, or if you are using an AUR helper like yay there are flags/settings you can use to delete them after the desired package was installed.

    However, what I was talking about was AUR packages that are unmaintained or do not have a maintainer anymore.

    I’m researching more at the moment.


  • CubitOom@infosec.pub to linuxmemes@lemmy.world: Where the AUR users at?
    6 points · edited 22 hours ago

    The packages could be infected at any point.

    I guess the same could be said for literally any open source or freely distributed project.

    The difference is that this was a supply chain attack and, to my knowledge, required the package to be listed as orphaned unmaintained first so that the PKGBUILD could be modified to install malicious NPM packages.

    The community caught it quickly because it is possible to read both the PKGBUILD and the output of the update and, I think, it is fully resolved as of now.

    Basically, if one were to delete or replace orphaned packages then they wouldn’t have been infected.

    It is also possible to add a CVE scanner for AUR packages if reading the PKGBUILD is too much, I’m looking into how to do that now.

    All this is to say that you should check if you had an infected package, but I personally don’t think using the AUR is more risky than using a flatpak.
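The three comments above describe one review routine: list what came from the AUR, clean out orphans, and read the diff of a PKGBUILD before letting a helper build it. The script below is an added example, not code from the thread, from yay, or from paru; it wraps the two pacman queries the Arch Wiki gives for orphans and foreign packages, and adds a small filter that pulls out the lines of a PKGBUILD update diff which change what gets fetched or executed, so a reviewer knows where to look first. The PKGBUILD files are constructed here (example.invalid is not a real host), and the cache paths a real helper would use are assumed, not shown.

```shell
#!/bin/sh
# Added example: review helpers for AUR updates (not part of the original thread).
#   1. list orphaned and foreign (AUR/local) packages with pacman, and
#   2. extract the added lines of a PKGBUILD diff that introduce a new URL,
#      an install hook, a network client, npm, or an inline sh/bash call.
# Real helpers (yay/paru) keep cached clones under their own cache directory;
# point aur_diff_flags at the previous and new PKGBUILD from that clone.

# Orphans in the Arch Wiki sense: installed as a dependency, no longer required.
# Prints nothing where pacman is absent so the example runs on any system.
list_orphans() {
    command -v pacman >/dev/null 2>&1 || return 0
    pacman -Qtdq 2>/dev/null || true
}

# Foreign packages: not from any configured repo, i.e. AUR builds and local
# packages. This is the set to audit after an AUR supply chain incident.
list_foreign() {
    command -v pacman >/dev/null 2>&1 || return 0
    pacman -Qm 2>/dev/null || true
}

# Print added lines from the diff $1 (old PKGBUILD) -> $2 (new PKGBUILD) that
# bring in a URL, an install= hook, curl/wget, npm, or run sh/bash directly.
# Returns 0 when something was flagged, 1 when the update looks like a plain bump.
# Checksums change on every version bump, so they are deliberately not flagged.
aur_diff_flags() {
    diff -u "$1" "$2" | grep -E '^[+][^+]' | sed 's/^+//' \
        | grep -E '://|install=|curl|wget|npm|(^|[[:space:]|])(ba)?sh([[:space:]]|$)'
}

# Constructed sample PKGBUILDs for a fictional package (not a real AUR entry).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/PKGBUILD.old" <<'EOF'
pkgname=example-tool
pkgver=1.0.0
pkgrel=1
source=("https://example.invalid/example-tool-${pkgver}.tar.gz")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000')
package() {
  install -Dm755 example-tool "$pkgdir/usr/bin/example-tool"
}
EOF

# A routine version bump: only pkgver and the checksum move.
cat > "$WORK/PKGBUILD.bump" <<'EOF'
pkgname=example-tool
pkgver=1.0.1
pkgrel=1
source=("https://example.invalid/example-tool-${pkgver}.tar.gz")
sha256sums=('2222222222222222222222222222222222222222222222222222222222222222')
package() {
  install -Dm755 example-tool "$pkgdir/usr/bin/example-tool"
}
EOF

# The shape the comments warn about: a bump that also adds a second source
# and executes it during package(). This is what the diff review should catch.
cat > "$WORK/PKGBUILD.new" <<'EOF'
pkgname=example-tool
pkgver=1.0.1
pkgrel=1
source=("https://example.invalid/example-tool-${pkgver}.tar.gz"
        "https://example.invalid/post-install.sh")
sha256sums=('2222222222222222222222222222222222222222222222222222222222222222'
            '1111111111111111111111111111111111111111111111111111111111111111')
package() {
  install -Dm755 example-tool "$pkgdir/usr/bin/example-tool"
  sh post-install.sh
}
EOF

echo "== orphans (pacman -Qtdq) =="
list_orphans
echo "== foreign/AUR packages (pacman -Qm) =="
list_foreign
echo "== routine bump: flagged lines =="
aur_diff_flags "$WORK/PKGBUILD.old" "$WORK/PKGBUILD.bump" || echo "(none)"
echo "== update with a new source and inline sh: flagged lines =="
aur_diff_flags "$WORK/PKGBUILD.old" "$WORK/PKGBUILD.new" || echo "(none)"
```

The filter is a reading aid, not a verdict: a flagged line means "read this hunk", and a clean result only means the update did not add a new download or command. The full diff is still the thing to approve, which is exactly what the helpers' review prompt shows.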






  • Daphy Michel, 31, died March 2. She was found at a bus shelter in Pittsburgh. The Allegheny County Medical Examiner’s Office found her cause of death to be hypothermia and ruled the manner a homicide, “indicating the death was caused by the actions of another individual” and should not be interpreted as a declaration of criminal guilt, the office said in a statement. The office released its findings Friday.

    Michel was a native of Haiti who was seeking asylum in the U.S. after arriving at the southern border in 2022, said Joseph Patrick Murphy, her family’s attorney. She was granted humanitarian parole based on urgent humanitarian need, but she did not live to see a hearing scheduled for two weeks after she died, he said.

    The medical examiner’s office said Michel was a vulnerable adult “suffering from untreated severe mental health issues and a significant language barrier” at the time of her release on Feb. 27, the office said.