@itsfoss damn. Just yesterday, I was pondering how an end user could protect themselves from formerly good but suddenly malicious packages. And I think that "showing how long it's been since a package's PKGBUILD last changed" is not enough. We need a check if there has been any sort of long pause in the maintenance activity of a package. Otherwise, an attacker could just make a benign change, then push the attack update right after so that the check script simply skips over.
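The check proposed in the post, as an added example that is not part of the original post: it scans a package's whole commit history for a long maintenance pause that ended recently, next to the weaker check that only looks at the pause before the newest change. The function names, the 365-day and 90-day thresholds and the sample histories are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds, not taken from the post.
DORMANT = timedelta(days=365)  # a pause this long counts as a maintenance gap
RECENT = timedelta(days=90)    # how long a resumed package stays under review


def dormancy_gaps(commit_times, dormant=DORMANT):
    """Return (last_before, first_after) for each pause of at least `dormant`."""
    times = sorted(commit_times)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a >= dormant]


def last_change_check(commit_times, dormant=DORMANT):
    """Weak check: only looks at the pause right before the newest commit."""
    times = sorted(commit_times)
    return len(times) >= 2 and times[-1] - times[-2] >= dormant


def history_check(commit_times, now, dormant=DORMANT, recent=RECENT):
    """Flag when maintenance resumed within `recent` after any long pause."""
    gaps = dormancy_gaps(commit_times, dormant)
    return any(now - resumed <= recent for _, resumed in gaps)


def day(text):
    """Parse a YYYY-MM-DD date as a UTC timestamp."""
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)


# Constructed histories; real dates could come from `git log --format=%cI`.
NOW = day("2024-05-10")
# Three quiet years, then a small change followed by another update a day later.
REVIVED = [day(d) for d in ("2021-01-10", "2021-03-02", "2024-05-01", "2024-05-02")]
# Regular updates with no long pause.
STEADY = [day(d) for d in ("2023-09-01", "2023-12-15", "2024-03-20", "2024-05-02")]

if __name__ == "__main__":
    for name, history in (("revived", REVIVED), ("steady", STEADY)):
        print(name, last_change_check(history), history_check(history, NOW))
```

Git commit dates are set by whoever creates the commit, so a flag from this check is a prompt to read the PKGBUILD diff, not a verdict.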