The current approach to retrieving mirrors frequently leads to the distribution of corrupted or malicious instances.
The following issue, https://github.com/vbextreme/ghostmirror/issues/13, led us to discover a malicious mirror. This made me question why we're packaging broken or malicious mirrors in the first place. As a result, I opened this issue: archlinux/packaging/packages/pacman-mirrorlist#1 (closed)
However, it seems the problem might not lie in how the mirror list is being packaged, but rather in the mirror list itself. So the question is: is the mirror list itself broken, meaning you need to intervene to prevent broken or malicious mirrors from reaching end users? Or is there actually a flaw in how the list is being packaged?
Have a good life.