You’re only affected if you use the AUR. As far as I understand it, the core packages themselves are fine, so this is more of a MitM attack, where somebody compromised the package download streams
A MitM attack defines the attack technique, not the target. It’s when the target wants to connect to something but it connects through you first, and you forward while collecting/altering data. My question was about the attack used. But yeah, a mass takeover of everything orphaned would do it.
oh I saw “clang” in the list of packages and got worried
You’re only affected if you use the AUR. As far as I understand it, the core packages themselves are fine, so this is more of a MitM attack, where somebody compromised the package download streams
This is not a MitM attack.
How is it not? They didn’t take over the core projects, they took over the midstream distribution.
A MitM attack defines the attack technique, not the target. It’s when the target wants to connect to something but it connects through you first, and you forward while collecting/altering data. My question was about the attack used. But yeah, a mass takeover of everything orphaned would do it.