We very much need to find a solution for preventing malicious packages. My idea
is to give each new user a "score", if a user makes a commit and there score is
below some threshold that commit must be manually reviewed. When these commits
then influence the user's score. For example, if a new user makes a simple
commit (like updating the version of a package) their score might go up by one
or not change at all. On the other hand, if they add a new package or make a
major update to a package, their score would go up by more. That way a
malicious user would need to actually make meaningful commits, which is harder
to automate and at least does some good for the aur. I have said this idea
already around 2 weeks ago and I am bringing it up again because it seems
relevant. The problem with just flagging the first 10 commits is that its not
very hard to automate updating the version of 10 packages. Or flagging commits
for a week would just result in people waiting a week before making malicious
commits.