The Arch Linux team has once again been forced to respond to a distributed denial-of-service attack targeting its AUR repository infrastructure. As a result, DDoS protection has been enabled for aur.archlinux.org to help mitigate the ongoing disruption.
While this measure helps keep the AUR website accessible, it has introduced a significant side effect: pushing to the AUR is currently not possible.
I wonder if it could be a state actor? I can imagine that the powers that be in MANY countries could be motivated to keep users away from operating system software that isn’t spyware.
Then why go against the AUR and not the official mirrors? The former isn’t always exactly the epitome of securely packaged trusted applications
Just spitballing, because honestly the amount of effort that must go into sustaining this attack in the long term just baffles me. Like, why?
It costs, like $10 to rent a botnet for a couple-hour attack.