AUR Chaos malware: an analysis

The AUR is moderated by Arch Team members, but it does NOT mean that each and every package is thoroughly inspected, vetted and approved by the Arch staff. Remember to always inspect packages content before installing!

Soooo… I guess in theory there do exist some people who do this (or the malware would not have been detected at all) but saying this as if it’s something you expect everyone to do feels deeply disconnected from reality.