A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
You are absolutely right, and it’s a shame that especially large corporations use open source without giving much back.
Still, the setup of a lot of software repositories and package management is almost comically lax. A little extra effort might do a lot of good, is all I am saying.