[Aspie96]

They are not. And there would be absolutely nothing wrong with them no longer maintaining the package, deleting it, or with the package not working.

The issue here is spreading actual malware. A developer doesn't owe anything to anyone.

But actually and actively harming others trough actual malware is unethical even if someone didn't promise they wouldn't do so.

If I give someone a piece of food that I expressly don't guarantee anything about, the worse one would assume is that it might be spoiled and I didn't check, or that the ingredients may be of very law quality. Not that I actually purposefully poisoned it.

[seqizz]

I don't know. Going from same example, if you give me food with a note on it saying "I don't be liable for anything, I am not giving any guarantees. And if you'd like to give this food to someone else, you must give a copy of this note too.", poison possibility is not off the table.

Anyway, I understand the frustration of people who got broken tests, but just noting the different angle.