Same here, just got a notification that one of my watched AUR packages got taken over by someone random because it was orphaned.

I'm wondering at this point if the idea of adopting orphaned packages is broken and should be removed.

Inconvenient, but perhaps instead of allowing adoption of someone else's abandoned package, the AUR forces a new submission instead and regularly purges orphaned packages older than a certain age?

Absolutely! Supply chain attacks are always going to be a problem, but just letting someone take over a package because it hasn’t been touched in a while seems like a really poor policy.

If you want to change it, fork it!
