AUR Compromised - 1500+ packages affected - 20260611

General advice is if your system gets compromised the only foolproof thing to do is nuke and pave it.

Fanboying is tacky and tasteless, like a good portion of your post. Most would have class enough to admit that Garuda and Cachy are on pretty much equal footing as far as quality of OS goes. Now if you want to actually be honest and talk about a bad OS and forum, take a few well-deserved whacks at Manjaro; otherwise keep the BS to yourself.

No to any of this being done with LLM / AI.

Exactly what I actually came to say. I think a pinned post EVERYONE has to see: an explanation of what’s happening, scripts or links to scripts and fixes, and make it clear fixes from LLM / AI are not a good idea. Lock it so there are no comments on it.

Even with as bad as Windows is, that advice is never given unless you are having issues that you can fix.

You’re only here to provoke.

How many times has your account been banned?

How many times have you re-registered?

How many accounts do you have on this forum?

Despite your provocations, I’ve never reported you before. That’s about to change.

But it’s enabled out of the box and even includes a helper. The GUI package managers included with Cachy (Octopi and now Shelly) even search the AUR and make it easy to download and install packages from there. All things that come default with the OS. Cachy still has a responsibility to its users about this in regards to communication, mitigations and next steps to prevent this from happening again.

I would say with any Arch-based distro, in their forums there’s usually a few times a month when the AUR is brought up by someone and the customary warnings are given. Make no mistake, this was only a matter of time and can happen to Snaps, Flatpaks, AppImages, etc… Just because in this case it was an easy vector doesn’t mean they won’t get into a much more hardened system.

Sure they can, but the OSes that use those features or support them out of the box would also be responsible and accountable for said exploit.

The communication around this has been shit at best. The AUR homepage doesn’t even have a message about what’s going on. On the Arch Linux homepage I wouldn’t blame anyone for missing the announcement about it. It just looks like a Sunday blog post.

Simply untrue, since the end user is made very aware of what risk they are taking, so the responsibility falls squarely on mainstream Arch and the end user.

Now as for proper communication, yes, Arch has dropped the ball big time. Right now, the second someone clicks to go to the AUR, every page there should have news about this at the top and links to the tested methods to mitigate this for now. Personally I think I would have gone as far as temporarily blocking all downloads once the problem hit 500 affected packages.

How are they made aware? The number of times I’ve seen Cachy devs, contributors and mods, just in Discord, say “just grab it from AUR” is insane lol

Hard agree here. AUR should be locked down right now.

It’s enabled by default that you are allowed to drive a car on a motorway - even dramatically too fast, dangerous for you as well as for the others.
Should the car manufacturers (CachyOS Team) be in charge of that (you are allowed to use AUR)?
The manufacturer even states very clearly: you can drive on a motorway. You can even drive too fast if you wish. It is your responsibility … but we warn you, this is not supported by us as the car manufacturer.

Just because it is possible does not mean that you need to do it …
And just because something is possible, the manufacturer of a car is not responsible for what YOU are doing with YOUR car …

And last time I checked, I didn’t need a government license, which includes questions about the roles and responsibilities of using a car, to use a computer :man_facepalming:

And yes, if the manufacturer of the car does something wrong or screws up, knowingly or unknowingly, they must remedy it at their own expense. That is what recalls are.

I’m sorry you spent so much time on that terrible metaphor.

I agree. But “allowance to use the motorway too fast” is nothing that is related to the engine, carburetor or anything that the car manufacturer is responsible for …

CachyOS (as Arch does) ALLOWS the usage of the AUR. It even states “guys, this could be dangerous”. CachyOS works. As Arch does. The car works. …

You are not forced at all to drive on a motorway too fast …

Where does it? Installing something vanilla via paru doesn’t do this. It just shows the PKGBUILD. Then noob users will ask on Discord “what do I do here” and without fail, even from Cachy people, “just hit Q and y”. Paru doesn’t tell you to look over the PKGBUILD or explain why, from what I recall or quickly retested.

AUR support now, imo, as a lesson learned, should be a button you enable in Cachy Hello that then tells you the dangers or best practices of using the AUR before it lets you enable it. Cachy isn’t Arch. Arch is for the hardcore. Cachy is trying to be Arch but for the mainstream, and unfortunately with that comes responsibilities.

Hello,

I’ve just registered to ask the following question. The list of packages containing malware is well known, but are there any statistics on their popularity? How many downloads does each package have? If the list consists mainly of unused and/or obsolete packages, the situation isn’t that serious; if not, however, the issue is really important. For example, last year packages containing Firefox and LibreWolf were corrupted by malware, and in that case it was very serious.

Thank you

This sentence needs punctuation and a redo. Not sure what you are saying here, but attacking people and not the point seems to be your thing because you don’t have a coherent point to make.

Can I still update cachy or is it unsafe?

Yup, just don’t update anything from the AUR for now.

sudo pacman -Syu

That should only update packages from the official repos and you’ll be okay.
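As an added defensive check that is not part of the thread: `pacman -Qm` lists the installed packages that belong to no configured sync repo (in practice the AUR-built ones, which `pacman -Syu` leaves alone), so cross-referencing that output against the advisory's package list tells you whether any affected package is on the machine. The affected-package names below are constructed placeholders, not the real list, and the `pacman -Qm` sample is constructed too.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check foreign (AUR-built) packages
# against an advisory list of affected package names.
# `pacman -Qm` prints "name version" for packages not in any sync repo.

# Constructed sample of `pacman -Qm` output.
SAMPLE_QM='yay 12.3.5-1
example-helper 1.0.0-2
another-tool 0.4.1-1'

# PLACEHOLDER names for illustration only; substitute the published advisory list.
AFFECTED_LIST='example-helper
some-other-package'

# affected_foreign QM_OUTPUT AFFECTED_NAMES
# Prints, one per line, each installed foreign package name present in the list.
affected_foreign() {
    printf '%s\n' "$1" | awk -v list="$2" '
        BEGIN {
            n = split(list, names, "\n")
            for (i = 1; i <= n; i++) if (names[i] != "") bad[names[i]] = 1
        }
        NF > 0 && ($1 in bad) { print $1 }'
}

# count_affected QM_OUTPUT AFFECTED_NAMES: number of matches (always exits 0).
count_affected() {
    affected_foreign "$1" "$2" | awk 'END { print NR }'
}

# Demo on the constructed sample. Live use on an Arch-based machine would be:
#   affected_foreign "$(pacman -Qm)" "$(cat affected-packages.txt)"
echo "Installed foreign packages on the affected list:"
affected_foreign "$SAMPLE_QM" "$AFFECTED_LIST"
```

A match only says the package name is on the list, not that the installed version is the trojaned one, so treat a hit as a reason to follow the advisory, not as the final word.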

No. IF you were infected, the malware would have stolen your ssh keys, possibly other credentials too, and would have tried to install a rootkit, etc. You would at least have to change your passwords and ssh keys (if any). The snapshot should, though, get your system back to before the infection, but I am not versed enough in Linux or the intricacies of that particular malware to know that for sure.

Nice try, but epic fail, since we both know it makes perfect sense. Just keep digging your hole.

What do you mean by that?