I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...
Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).
There are so many fun and useful GitHub bots you can write.
But please don't write this kind of bot.
Sure, maintainer can do whatever they want with their project, but I wouldn't want to use their library, let alone contributing to the project.
There are so many other ways to gain followers and likes/stars than holding hostage of other people's PR. This is why your project needs a community builder/manager and devrel.
After 11 years and 15 days from 2012-07-12, I am proud to present the first real release of MoeNavigator - a web browser written from scratch in C++. Its engine (called MoeNavigatorEngine) is also written from scratch: