[horsawlarway]

For good or for bad, this warning is ALWAYS present for AUR.

It's right there in the name, and it's clearly announced in all the wiki materials that AUR is user repos, and trust shouldn't be given blindly.

It's literally in a giant red box right up front: https://wiki.archlinux.org/title/Arch_User_Repository

There are lots of things on AUR that I absolutely won't install, and I don't really think spamming the mailing list with all of them is the best policy.

And while I don't exactly hate the idea of warning users who installed a malicious package... it turns out that's not a particularly feasible thing to implement, because AUR doesn't have the kind of install tracking that's present in the commercial tools... ex - how exactly are they supposed to know who installed a package? AUR is basically just a phonebook of package locations, and they don't require any login/auth info.

So the warning comes from tooling the user can run if they're paying attention, and they ask you to pay attention (ex - https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc39...)