@lcamtuf You make very good points here. I also think that this shows that we - speaking of OSS community - are now very much potentially a target of various state-actor interference, and those attacks might not be directly technological. Sometimes projects are very good at technological opsec, but social manipulation is not something we care about - and well, we clearly should.
@marmarta @lcamtuf
It's not even social manipulation, really; passing the baton to someone who appears willing and able is pretty much best practice