Do we know who added the bad commit? Do they still have access? Is there anything I can do to help prevent this from happening again?
On Sat, 6 Jun 2026, at 5:35 PM, 𝕍𝕖𝕝𝕠𝕔𝕚𝕗𝕪𝕖𝕣 wrote: > Tom Buckley-Houston wrote: >> I'm the creator of Browsh, but not the owner of the AUR browsh-bin package. >> I've just registered for this mailing list after somebody mentioned that >> browsh-bin has started installing a sketchy NPM package. I don't see where >> this change could have happened based on the logs here >> https://aur.archlinux.org/cgit/aur.git/log/?h=browsh-bin Perhaps I'm missing >> something. > The commit was removed. > > -- > George truly, 𝕍𝕖𝕝𝕠𝕔𝕚𝕗𝕪𝕖𝕣 > Improve your wifi reception for free > <https://www.youtube.com/watch?v=LY8Wi7XRXCA> (Libre JS version > <https://redirect.invidious.io/watch?v=LY8Wi7XRXCA>) > This email does not constitute a legally binding contract > My OpenPGP key is 1BA0 FC4B 80E0 F21B 0269 8CEE 634E BF87 40C7 48BE > <https://blog.velocifyer.com/pgp-certificate.asc>. Please sign it! > Remember to reply all on mailing lists (this is here so i don't forget > to use reply all)(If you are reading this i forgot to remove it) > Attachments: > * OpenPGP_0x634EBF8740C748BE.asc > * OpenPGP_signature.asc
