• rozodru@piefed.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    24 days ago

    I think it was essentially orphaned stuff that got “picked up” by a “new maintainer” and that’s how it happened.

      • Telorand@reddthat.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        24 days ago

        You’re only affected if you use the AUR. As far as I understand it, the core packages themselves are fine, so this is more of a MitM attack, where somebody compromised the package download streams

          • Telorand@reddthat.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            24 days ago

            How is it not? They didn’t take over the core projects, they took over the midstream distribution.

            • northernlights@fedia.io
              link
              fedilink
              arrow-up
              0
              ·
              24 days ago

              A MitM attack defines the attack technique, not the target. It’s when the target wants to connect to something but it connects through you first, and you forward while collecting/altering data. My question was about the attack used. But yeah, a mass takeover of everything orphaned would do it.