Skip to main content
Topic: Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories (Read 316 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories

https://blog.nietaanraken.nl/posts/aur-packages-github-repo-jacking/

Moral seems to be that as well as checking PKGBUILD's for sanity check the sourced github repo is not redirecting.
If it is it's a security hole.

Be nice if github implemented no reuse of usernames like google with their email addresses.