What is your recommended way to deal with the current situation?

• don’t tolerate malware. Get out the big hammer. This is an attack on Linux.
• be frugal on what you install
• slowing down. Not everything needs to be bleeding edge.
• perhaps use automated cooldown times of 2/4/8/12 weeks for changed packages, depending on software trustworthiness, and users experience. More cooldown for owner change.
• each PKGBUILD in an own repo, with a single owner
• removing all AUR recommendations from the Arch wiki
• gather the user community to help with review and testing of AUR packages, transforming the most important ones into extra packages
• score all packages by trustworthiness
• reward quality and sane practices when trusting / scoring packages - fire up a competition for quality
• build a web of trust, possibly with actually user-friendly software instead of GnuPG
• construct a robust voting/package reputation system for normal users (this is very hard because by experience, reputation systems can easily be gamed, it will by all experience NOT work purely electronically)
• ultimately trust in people, not personas or algorithms