That’s a completely fair opinion, even though I would argue that Google pagerank is a genuinely revolutionary piece of code that has, taken on its own, made the internet a better place.

No, seriously. I think many would agree that the internet user experience peaked some time after Google entered the scene (yes, officer, right down this sub) but before YouTube left every serious competitor behind. There was a lot of “small web” content with no clear commercial intent (not blasting you with two affiliate links and one video ad per paragraph). Many of the big platforms were controlled by the techies who set them up and not yet by the venture capital who would eventually buy them out. Yet, venture capital already kept these firms afloat, so a lot of genuinely good services were genuinely free for the user and not paywalled or privacy-paywalled (just give us your email address and IP, bro, trust us bro, just one more captcha, bro, maybe one more 2FA using your phone number, bro, really, we might even let you visit our site then). Of course, someone had to pay up eventually: Enshittification ensued.

A second aspect: For the past decade at least, democratic-presenting governments have used all our web data fed into clandestine technology to win elections, either to stay in power or get into power and pull up the ladder behind them. I guess it’s like that old saying: A small time criminal robs a bank, a big time criminal owns a bank. Sure, we had all sorts of amateur criminals on the web in the predotcom and dotcom era and that might’ve cooled down a bit since. But now all the big players are adversarial, instead.

Edit: Typo in spoiler tag

True that. Even though that is also made more difficult by that same social environment often being fully googled and thus always busy with some slop.

Then they should’ve included a short TLDR even harder

TLDR: Open package repositories without some approval and oversight system, like AUR, will have even more problems in the future due to advanced coding AI and malicious foreign hackers.

Edit: Please normalize TLDR’s on bot posts with just a link.

Edit 2: I have been rightfully informed that this is not a bot post. I still think links should not be posted without a tiny abstract, one might say: a TLDR.

I have also been informed that the text does not spell out “foreign”. This is correct. The text does say

Not all of the packaging issues are as bad as the initial wave of trying to steal credentials, some are just adding ridiculous messages in Russian.

This implies but does not establish the nationality of attackers. While Arch has contributors from all over the world, it is commonly cited as being a Canadian distribution (example, see below). https://distrowatch.com/table-mobile.php?distribution=arch

Second this and adding: Fiduciary responsibility and how US economic law places it above all else. Other jurisdictions, particularly in Europe, require companies to balance multiple responsibilities, such as towards their workforce, societal, ecological, and yes, fiduciary, too. It doesn’t solve all issues and can be vague AF, but at least well-meaning CEOs can fall back to these other corporate responsibilities in court while the same CEO would be sued into oblivion by US shareholders.