Maybe we need an international NGO/co-op to provide essential services for small, essential FOSS projects such as security comms, security audits, build infrastructure, testing, best practices, background investigations, and so forth.
The "one guy's little piece of code holding up the world" is a SPOF and much easier to attack than if they had some help and automation.
> They will turn FOSS into a walled garden, as if contributing to projects was not a pain already.
The only thing in here that has a potential negative impact is the background investigations, but it might be reasonable to have an independent third party that offers this as a service for project leads.