https://aur.archlinux.org/cgit/aur.git/commit/?h=electrum-nmc&id=9dee9b3f9a0bd918c09d5ebb45f00e5270429d5e https://aur.archlinux.org/cgit/aur.git/commit/?h=python-affine&id=c7887204a2878aedd60dbe0523f9f4ee29096cf3 https://aur.archlinux.org/cgit/aur.git/commit/?h=python-axolotl-git&id=2f0c62bdd9f80ccc5c1ddbbeb9c57e97d644b9f3
Looks like there's a pattern of hijacking the exact same name as a previous maintainer. On Thu, 11 Jun 2026 at 22:38, Nicolas Boichat <[email protected]> wrote: > > This as well: > https://aur.archlinux.org/cgit/aur.git/commit/?h=ledger-udev-bin&id=d60a201d6bcbd7e0c9186c0027459e7c36c428a0 > > On Thu, 11 Jun 2026 at 22:34, a821 <[email protected]> wrote: > > > > On Thu, Jun 11, 2026 at 01:50:48PM +0000, Mark Wagie wrote: > > > A new Maintainer adopted gnome-randr-rust and added an install file with > > > the > > > following: > > > npm install atomic-lockfile yargs > > > > more packages with malicious commits and same install function: > > > > - python-apt > > - python-cerealizer > > - python-orange > > - vim-pythonhelper > > > > accounts: > > > > - dafneprats > > - andremonnet > > - robertwalter > > - grecaarmellini > > > > Also please check packages maintained by those users. > > > >
