The Arch Linux team has once again been forced to respond to a distributed denial-of-service attack targeting its AUR repository infrastructure. As a result, DDoS protection has been enabled for aur.archlinux.org to help mitigate the ongoing disruption.
While this measure helps keep the AUR website accessible, it has introduced a significant side effect: pushing to the AUR is currently not possible.
But… why? I mean, who’s targeting Arch? Sounds like the Arch team has some info that they won’t release (for now), but this is so confusing to me…
Nobody has been claiming responsibility. Some of the AUR forum peoples think it’s butthurt malware devs who got caught uploading malware, but it’s just a shot in the dark.
https://status.archlinux.org/
Been on and off for months now.
If it’s blocking AUR updates, it could be an attempt to keep some patches to certain exploits from going out? But it seems unlikely that the cost of a ddos is worth the tiny number of possibly vulnerable AUR users out there…
If people just used Hannah Montana Linux then we wouldn’t have these problems.