A solo maintainer getting hit by a bus can be mitigated by other interested contributors forking the repo. A more malicious scenario raised by OP is a solo maintainer with little to no funding getting enticed by a nation-state actor to add a backdoor, a supply chain attack proven to be very feasible by the recent XZ library incident.