The malicious code is only thought to have affected deb/rpm packaging (i.e the backdoor only included itself with those packaging methods). Additionally, arch doesn’t link ssh against liblzma which means this specific vulnerability wasn’t applicable to arch. Arch may have still been vulnerable in other ways, but this specific vulnerability targeted deb/rpm distros
Glad you are okay. I got out yesterday too and the scenes of the city were just an absolute mess. Glad the cell towers are back online, so many people I saw yesterday were just trying to find a spec of reception to get even a single text out to their loved ones to let them know they were still alive.
It’s going to take quite some time to repair all the damage and get power back up, but I saw the National Guard rolling in as we left with tree chippers 🙏