June 13, 2026
Package panic at the Linux disco
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Packages
Arch users panic, lecture, and say “this is why I never touch that stuff”
TLDR: Arch says it has cleaned up the known malware mess in its community software area, but the number of affected packages exploded past 1,500. The comment section instantly turned into a scolding session about trusting random user-made downloads, with some people saying this disaster is exactly why they avoid that part of Arch entirely.
What started as a bad morning for Arch Linux turned into an all-day numbers-go-up horror show. First the alarm was around 400 infected community-made software packages. Then it jumped to about 900. By the end of the day, Arch developers said they had removed all the bad changes they knew about — but the running list had ballooned to 1,579 packages, and even that was described as not the full total. Translation for normal humans: a huge pile of optional, user-submitted software in Arch’s community area was hit, and people online reacted like someone had left the front door open all night.
The comments were a mix of finger-wagging, fear, and full-on “I told you so” energy. One of the loudest reactions was basically, “This is exactly why you don’t install random stuff from the internet without checking it first,” with users reminding everyone that the Arch User Repository, or AUR, is the wild-west side of the ecosystem, not the carefully checked official app shelf. Others winced at the mention of tools that make installing from AUR too easy, saying convenience had clearly entered the chat and common sense had left it.
And then came the survivalist crowd: people proudly declaring they never use AUR packages at all, preferring to build things themselves or hide in containers like Docker. There was also a detective-thread vibe, with people asking how bad it really was and whether orphaned, unloved packages were the main victims. The mood? Half public service announcement, half community roast, with a side of gallows humor: if Arch users love control, this was a very ugly reminder of what happens when the community toolbox gets a little too communal.
Key Points
- The malware incident began with more than 400 compromised packages in Arch Linux's AUR.
- The estimated number of affected packages later rose to around 900 before increasing again.
- The latest cited list put the number of malware-affected packages at 1,579.
- Arch Linux developers said they had deleted all malicious commits they were aware of.
- The article stated that the 1,579-package list contained many, but not all, affected packages, indicating the total may be higher.