Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories (blog.nietaanraken.nl) 6 points by joren485 3y ago ↗ HN
[–] 2bluesc 3y ago ↗ Should note this only applies to AUR packages and `-git` mostly because of missing archive hashes.AUR packages pinned to mutable tags are easiest to hijack. [–] _emacsomancer_ 3y ago ↗ article notes that they "found nine vulnerable packages (in the community repository)"
[–] _emacsomancer_ 3y ago ↗ article notes that they "found nine vulnerable packages (in the community repository)"
2 comments
[ 4.9 ms ] story [ 23.4 ms ] threadAUR packages pinned to mutable tags are easiest to hijack.