The onus here is on Arch-based distros that decide this vast collection of build scripts equals a software repo, is a good “selling” point, and decide to integrate it into the distro or even the package management.
All that said, the AUR is not the only user repo that is plagued. These sort of malware attacks need to be addressed somehow.
It is Archlinux’ mission statement that its average user knows how to do such things. The installation process is based on handling PKGBUILDS. AUR helpers are explicitely unsupported.
The onus here is on Arch-based distros that decide this vast collection of build scripts equals a software repo, is a good “selling” point, and decide to integrate it into the distro or even the package management.
All that said, the AUR is not the only user repo that is plagued. These sort of malware attacks need to be addressed somehow.