[ejholmes]

It's a pretty scary prospect, to the point that I have to imagine it's already happening to some degree. If a nation state wants a backdoor, what better way than to bribe the cash-strapped OSS maintainer of that little project that every company depends on.

[ddalex]

The problem is that the type of engineers that work on OSS takes own integrity very seriously, and they build their network of trust on that integrity.