The flaw it exploited was both human and technical: Devs supporting ubiquitous blocks of software. Blocks of software on which everything else is built. It’s not a new vector, we’ve seen malicious code commits before. We’ve seen entire repos taken over or even sold.
Yet it’s not one we have a neat solution for. It can’t be fixed with donations or SDLCs alone. You can’t fix it without addressing both human and technical. 3/3