This is like saying a user who clones a random git repo is not to blame and git-scm should do more to prevent cloning of malicious repos. If it is not official, it is your job to review; if you don't like it, use iOS instead of Arch Linux.
If you crash your car, you are liable for the accident. If you aren't ready for that, take the bus.
More power = more responsibility
Uh, but these aren't random git repos; these are packages available through the OS's repos. Why does the AUR even exist if not for malware distribution?
It's an uncontrolled free-for-all disguised as a watering hole. If they can't do the most basic housekeeping, it should not exist, full stop.