AURpocalypse now: a look at the recent AUR attacks
Summary
LWN reports on a coordinated attack against the Arch User Repository (AUR) in which attackers created new accounts to adopt orphaned packages and push malicious updates, affecting thousands of packages. The piece details the tactics, the temporary disabling of new-user registrations, and the ongoing response by maintainers, including discussions about stronger vetting and defense strategies. It highlights the broader supply-chain risk in open-source ecosystems and potential mitigations such as improved tooling and review processes.