Comment by konschubert

4 years ago

> Such as? Should we assume that every patch was submitted in bad faith and tries to sneakily introduce bugs?

I’m not a maintainer but naively I would have thought that the answer to this is “Yes”.

I didn’t mean any disrespect. I didn’t write “I can’t believe they haven’t implemented a perfect technical process that fully prevents these attacks”.

I just asked if there are any ideas being discussed.

Two things can be true at the same time: 1. What the “researchers” did was unethical. 2. They uncovered security flaws.