I would bet even careful Arch users don’t sift through every repo they have installed during every system update to make sure nobody tinkered with an older one today. Some may have written elaborate scripts that warn them when, for example, the owner of a package changed, but that’s probably less than 1% of even just older Arch users. If it even exists at all.
I don’t think this is just a growing skill issue. I suspect the main reason this seems to happen more frequently is mere popularity. More popular means there’s more to gain for bad actors.
Not sure, I read all the diffs when I was using Arch. It’s scary otherwise. I also put effort into minimizing the number of AUR packages I use, though.
But it getting more popular, of course, also plays a role, but I’d argue it’s the same thing. There are only so many nerds out there; for it to get more popular, it has to reach a broader audience.