• SayCyberOnceMore@feddit.uk
    13 days ago

    The problem with these supply chain / watering hole attacks is that the reputation hit is harder to deal with.

    If anyone thinks they’ll stop using an AUR package and just install a container, flatpak, etc… they can still be vulnerable, but they’re not using AUR, NPM, etc…

    I just hope there were enough forensics to make a sensible improvement in security policies & procedures, rather than just guessing what to do next, and then AUR will be stronger for it.