As i see, recently theres very much malicioud packages, that i decided to stop updating my aur packages. We could put aur read only, so we can remove all malware and figure solutions before new one arrives.
It seems like only orphaned packages are affected. We could pause adoption or introduce a "human-in-the-loop" approach, though making the entire AUR read-only is too harsh and would affect legitimate packages and established maintainers.
I am in favor of the human-in-the-loop approach, where contributors can push a commit to an orphaned package, but that commit is not reflected for anyone else—and the package is not officially adopted—until moderators approve the commit and the adoption. 1F616EMO
OpenPGP_0xE1B66C824F094548.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
