2 comments

[ 4.9 ms ] story [ 23.4 ms ] thread
Should note this only applies to AUR packages and `-git` mostly because of missing archive hashes.

AUR packages pinned to mutable tags are easiest to hijack.

article notes that they "found nine vulnerable packages (in the community repository)"