Whenever I read these headlines, I always immediately hear the “my brand” commercial guy stim in my head.
TL;DR: If you haven’t installed
google-chrome-stablerecently from AUR, you’re not affected.Can someone explain how the AUR isnt the same as running a random bash script you found on the internet?
It’s not any different from running a random bash script, which is why according to the Arch wiki, users of the AUR should “verify that the PKGBUILD and accompanying files are not malicious or untrustworthy.” That’s also why good AUR helpers ask if you want to look at the PKGBUILD every time you install or update anything, because best practice is to read them every time so you know what it’s doing.
The AUR there for convienience, which means it tends to get used by newbies who really probably shouldn’t be using it. But I also won’t pretend that I follow the guidance every time myself.
I don’t really know how a newbie is supposed to review the build and files lol
In other news, Arch users getting what they asked for. A difficult and highly customizable Linux. 😉
