Maybe Manjaro should delay update even longer to make it extra secure /s

In this case the slower updates payed off. There are many things wrong with Manjaro but slower updates is not one of them.

It’s not though, because the malicious release happened more than two weeks ago and manjaro had to fast track the patched xs from arch git repo. This is why manjaro should extend their delayed update policy to catch this kind of issue in the future (maybe 2 months instead of 2 weeks) /s