how did this happen? the linked thread show people identifying the infected packages and cleaning them up but no word about how it happened or how to prevent it.
You’re only affected if you use the AUR. As far as I understand it, the core packages themselves are fine, so this is more of a MitM attack, where somebody compromised the package download streams
how did this happen? the linked thread show people identifying the infected packages and cleaning them up but no word about how it happened or how to prevent it.
I think it was essentially orphaned stuff that got “picked up” by a “new maintainer” and that’s how it happened.
oh I saw “clang” in the list of packages and got worried
You’re only affected if you use the AUR. As far as I understand it, the core packages themselves are fine, so this is more of a MitM attack, where somebody compromised the package download streams