Heard OpenSuse has OpenQA - apparently it is like an automatic test tool for packages.

the firefox, zen browser and libre wolf packages are concerning. The ttf ms font too. Those are very normal apps and unless you pay attention to the package name when doing “pacman -Syu”, you would fall for the malware.

If only we can compartmentalize all AUR packages. The download AUR sources iirc are already in something like $HOME/.paru. Installing is a different story, because these packages can put their executable all over the places: /usr/local/bin, $HOME/local/bin.

The entire line of succession is currently 100% Republican. It goes from Vance to RFK Jr all the way to Noem. So yes, it looks bad either way.