It reminds me how xz was attacked even worsely : a very long term to become co-maintainer and then trigger a hidden attack, detected only because someone working on postgreSQL saw a lag that should not have been. In my opinion, the main issue is not hypocrite commits, but profiting of maintainer burn out to push some malvolent code through core packages with small maintainer teams. As users, we have a responsability to not be assholes, or pushy to maintainers
It reminds me how xz was attacked even worsely : a very long term to become co-maintainer and then trigger a hidden attack, detected only because someone working on postgreSQL saw a lag that should not have been. In my opinion, the main issue is not hypocrite commits, but profiting of maintainer burn out to push some malvolent code through core packages with small maintainer teams. As users, we have a responsability to not be assholes, or pushy to maintainers