https://aur.archlinux.org/cgit/aur.git/commit/?h=electrum-nmc&id=9dee9b3f9a0bd918c09d5ebb45f00e5270429d5e
https://aur.archlinux.org/cgit/aur.git/commit/?h=python-affine&id=c7887204a2878aedd60dbe0523f9f4ee29096cf3
https://aur.archlinux.org/cgit/aur.git/commit/?h=python-axolotl-git&id=2f0c62bdd9f80ccc5c1ddbbeb9c57e97d644b9f3

Looks like there's a pattern of hijacking the exact same name as a
previous maintainer.

On Thu, 11 Jun 2026 at 22:38, Nicolas Boichat <[email protected]> wrote:
>
> This as well:
> https://aur.archlinux.org/cgit/aur.git/commit/?h=ledger-udev-bin&id=d60a201d6bcbd7e0c9186c0027459e7c36c428a0
>
> On Thu, 11 Jun 2026 at 22:34, a821 <[email protected]> wrote:
> >
> > On Thu, Jun 11, 2026 at 01:50:48PM +0000, Mark Wagie wrote:
> > > A new Maintainer adopted gnome-randr-rust and added an install file with 
> > > the
> > > following:
> > > npm install atomic-lockfile yargs
> >
> > more packages with malicious commits and same install function:
> >
> > - python-apt
> > - python-cerealizer
> > - python-orange
> > - vim-pythonhelper
> >
> > accounts:
> >
> > - dafneprats
> > - andremonnet
> > - robertwalter
> > - grecaarmellini
> >
> > Also please check packages maintained by those users.
> >
> >

Reply via email to