@lcamtuf You make very good points here. I also think that this shows that we - speaking of OSS community - are now very much potentially a target of various state-actor interference, and those attacks might not be directly technological. Sometimes projects are very good at technological opsec, but social manipulation is not something we care about - and well, we clearly should.