This is an attempt to mitigate the spam flood which has targeted aur.archlinux.org in a simple and (hopefully) effective way. As described in the commit message it just adds a hidden field which these automated bots fill in to make the form submission look "valid" for normal users nothing changes.
I also created a patch for account registration, but that patch is a bit bigger and I'm not sure if these automated bot setups are smart enough to report that registration fails although one can argue that they can detect if a comment was 'submitted'. Either way the comment patch has the smallest impact codewise and is an easy way to figure out if it works. Greetings, Jelle van der Waa