| ▲ | sph 6 hours ago | |||||||||||||
Be aware of false positives! I found I had two of these packages installed, clang19 and compiler-rt19, but due to my recent laziness in updating my system, mine were still the versions from July 2025 from the official repos before they had relegated them to AUR. You can check the build and install date with `pacman -Qi <package>`. I run Arch Linux in a container (within Fedora Silverblue), but my plan for the future: - consider switching away from Arch Linux for my dev container, with great sadness. A rolling distro is a terrible idea in the current security climate. I loved using Arch for my dev container exactly because of AUR. - switch to Fedora Stable, perhaps the previous release which still gets security fixes but no other updates. I am still on Fedora 43, I guess I have no rush to update to 44. - be even lazier in updating my workstation. I used to update daily when I was running Arch, then I moved to weekly last year when I got stuck with slow internet, now consider updating monthly or more (of course, unless there are critical security bugs) - Flatpak and Flathub terrify me, it's only a matter of time until malware appears. I have had automatic upgrades disabled for a while. - for the love of God don't touch anything that uses npm Previously: https://news.ycombinator.com/item?id=48458931 | ||||||||||||||
| ▲ | reedlaw 5 hours ago | parent | next [-] | |||||||||||||
I also had an affected package installed, fortunately it was from the official repo before it was dropped and became an AUR package. | ||||||||||||||
| ▲ | doubled112 5 hours ago | parent | prev [-] | |||||||||||||
> Flatpak and Flathub terrify me I thought Flathub has a review and approval process. Does it fall short in some fundamental way? Any review process is more than the AUR and NPM are doing. | ||||||||||||||
| ||||||||||||||