Hopefully this xz scandal will give the kind of big corps which already pay OSS maintainers the kick up the arse required to treat their entire supply chain as a potential attack vector that should be audited and supported. Or maybe I’ve just asked the monkey’s paw for increased corpo control over OSS projects…