[intelVISA]

That sounds quite daunting, Python and supply chain security are almost at odds with each other these days.

Lowkey surprised that any well-resourced org would use it given the outsized risk profile and poor performance.

[toomuchtodo]

It’s not used in the core or for anything load bearing, but has some ancillary uses, and we strive for total coverage (as much as practical). If we use something, we want to secure it as best we can.