For me there's no "get caught", and many stuff are only available trough torrent, like some old/obscure movies (some could take a week to download), other only trough DDL like some UK TV shows.
Also for automate software like Radarr/Sonarr you only have torrents or nbz
There's a reason why Russia evaded Ukraine, because decisions like this.
Transnistria in Moldova is a Russian outpost since the 90's,
Chechnya didn't have any backlash when tried to breakup from russia instead cities got flattened.
Russia tried to invade Georgia, after failing Russia only got a slat on the wrist.
When russia invaded Ukraine in 2014 no one done any pressure instead more oil and gas traded giving more money to Russia.
Since the 90s Europe has been seen weak without the help of USA, and Russia can do whatever they want.
If Ukraine fall in Russia hands then Moldova is next, and others will folow
2026 the year of desktop Linux
Just the case of the packages being removed only a few hours after been published just makes my point of "trusted users" reviewing and reporting then.
And is not only an archlinux/AUR problem, the same happens with python pip, npm, dockerhub, github... With bigger popularity, bigger the target.
These days after the success of Steamdeck many users switched to Linux, and many of those started using arch or based distros like EndeavourOS because some one on reddit, YouTube or other said is the best for new hardware and you can find everything you need on AUR.
New users won't review scripts or PKGBUILD, that's gibberish, just search and install, and a few hours could be too late for some.
I don't care if Linux loses or gains popularity, but if there's no guard rails of some kind of control things could get worse, and even end AUR as it is now.
Having people control what's published or not, probably not the best solution, but leaving it as a wild west also not
Arch also warns uses about AUR, use at at your own risk, and can break your system.
My approach isn't definitely not the best solution, I was saying this is only the beginning, and with other arch based distros also using AUR only gets worse, if there's any moderation and some kind of package control before publishing then when thins get real bad maybe too late and arch starts loosing users.
Now is just some packages, later could be some popular package take overs or some kinda spoofing of other packages.
I use arch BTW (since 2011), and ~~Debian~~ Armbian on Raspberry Pi, one is rock solid the other sometimes break with updates
That's why you shouldn't blindly trust AUR, and always review the scripts before installing.
But something needs to change:
This won't stop here, more malware packages will appear, arch and Linux in general is getting more users and becoming a target, not only ArchLinux AUR but also other distros with custom repositories. Many users install packages from custom repositories blindly, or follow guides without any knowledge what they do.
2025 is the year of malware on Linux
In Portugal it's called Salazar, the same name of the dictator
Adding to this DDL store the content for a limited time. Some of the content after one week is almost impossible to find