I know of one successful supply chain attack in FOSS.
So still points for using it.
Comment on St. Paul, MN, was hacked so badly that the National Guard has been deployed
CallMeAnAI@lemmy.world 8 months agoAbsolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office supply chain will be a top 3 concern.
msage@programming.dev 8 months ago
SheeEttin@lemmy.zip 8 months ago
AUR has had multiple Trojans just this week
msage@programming.dev 8 months ago
I’m sorry, Dave, but AUR does not count.
sugar_in_your_tea@sh.itjust.works 8 months ago
Precisely. The AUR is just a somewhat organized script dump. There’s no release process, and any user can upload any script they want. If you’re not capable of auditing scripts yourself, don’t use the AUR, there’s no expectation of quality or safety at all.
toothpaste_ostrich@feddit.nl 8 months ago
I… Don’t understand what you said here 🫤