@mattly @kornel you are already part of the supply chain because you already have a commit in a large, trusted project. It may not be a lot, but you have a non-zero amount of cred which could be exploited.
Gregory's Server