ArchRiot: End of Active Development
Arch Linux is completely untenable. The recent catastrophic AUR malware incident — where attackers adopted abandoned packages and compromised well over 1,500 user-contributed packages with malicious code for credential theft, browser data exfiltration, and worse — exposes the fundamental fragility of its community-driven model. Layered on Linux’s broader vulnerability nightmare (relentless CVEs and supply-chain attacks, normalization of proprietary driver blobs, telemetry creep, distribution drama, and spreading age verification mandates), the platform that once offered real user control has become a high-maintenance liability and persistent exposure vector. Even Arch, long valued for minimalism and flexibility, has shown deep structural cracks.
ArchRiot was built to give people a clean, fast, beautifully themed, sovereignty-first Arch Linux experience — no bullshit, just a machine that actually respects its owner.
For the last 16 months you all made it worth it. The installs, the feedback, the custom setups, the daily driver energy — real talk, thank you. None of this happens without you.
ArchRiot still works exactly as it does today.
Current ISOs, install scripts, everything — they remain fully functional. If you want to keep running it, go for it. It’s solid. (Given recent events, exercise heightened caution with any AUR packages, audit thoroughly with pacman -Qm, and consider the broader ecosystem risks.)
That said, active development on ArchRiot is over.
No more new features. No major releases. Just critical bug fixes and essential security updates when they’re actually needed to keep existing installs stable and secure.
My full focus and energy have now shifted to OpenRiot.
→ OpenRiot is the continuation. Same philosophy (minimal, clean, themed, efficient tiling, privacy-first) — rebuilt on OpenBSD. No blobs. No verification requirements. No distribution drama. No weakening security model. A fundamentally more auditable and defensible foundation where issues like unchecked package adoptions and widespread supply-chain compromises are structurally far less likely. Real stability, real control, real sovereignty.
If you valued what ArchRiot stood for — sovereignty, control, clean aesthetics, and a machine that doesn’t treat you like the product — this is the stronger, more principled continuation of that vision.
Start a Riot.
OpenRiot → https://openriot.org
The ArchRiot repository, documentation, and all existing releases will stay up indefinitely. Fork it, modify it, keep using it — it’s yours, do whatever you want with it. (Just stay mindful of the wider Linux ecosystem risks going forward.)
The Riot continues — now on much more solid and secure ground.
CyphrRiot
Creator of ArchRiot & OpenRiot
https://x.com/CyphrRiot