
Arch Linux is a popular Linux distribution known for its simplicity and flexibility. Recently, there have been security concerns in the Arch User Repository (AUR), where bad actors have managed to slip in Remote Access Trojans (RATs).
Interestingly, the Arch Linux team is rolling out a new tool to automatically monitor package updates, improving how maintainers and users stay informed about packages in the main repositories.
What's Happening: Arch Linux has introduced Bumpbuddy, an automated program that tracks new software releases for packages in the official repositories.
It operates as a daemon that monitors package versions and automatically opens GitLab issues when it detects that a package is out of date. It keeps these issues updated if newer versions are released and closes them once the package has been updated in the repositories.
The tool relies on .nvchecker.toml configuration files to track package versions and runs checks every three hours to ensure timely updates.
What to Expect: For package maintainers, Bumpbuddy automates the process of tracking new upstream releases, eliminating the need for manual checks or creating tracking issues. The process is now automated based on existing package configurations.
Users will benefit from faster awareness of new releases without having to manually flag packages as out of date. Public GitLab issues also provide transparency about why some updates might take longer.
Future plans for Bumpbuddy include adding a web dashboard to view package reports, providing an API endpoint for pkgctl version check to enable faster version checks, and removing the "flag package out-of-date" button on Archweb.
This new tool aims to make the Arch Linux package update process more efficient and transparent for everyone involved.