@arstechnica Yet another example of the consequences of hosting a project on github - a developer decides to add proprietary malware, or someone reuses/guesses a developers github account password (I guess those dumb enough to use github think they'll get away with adding proprietary software, or chooses poor passwords and reuses them) and then proprietary software is added release tarballs (but not via a git commit, as those are checked harder).

As always in free software, those doing the preliminarily testing of the new releases find any of such malware and report it.