Hello there, this is my first time using a mailing list :)

I've run some checks on my machines and found that at least libgdata and
subbrute are present on my PCs. However, they were both last updated
several months ago, so I can't verify for sure whether the malware is
present or not.

I was thinking of cross-referencing expac info about installed packages
against git log dates, but since the malicious commits were removed from
the AUR with --force, I'm not sure how to do that anymore -- especially as
my setup cleans .cache/yay regularly, so I don't have the local clones to
inspect either.

Having a list with the malicious commit hashes and dates would likely help
automate checks for folks like me.

Vladimir T

Reply via email to