That’s a good start. In the long run probably three things are necessary:
1) writing critical software in a language that protects better against such exploits. Might be Rust, Go, perhaps also C# and Nim.
2) Making reproducible builds the norm, starting from the original source code repositories (e.g., based on a Git hash)
3) making maintainers more resilient against social attacks. This means more appreciation, fewer demands, and zero tolerance against abuse. If the maintainer can be pressured, I am at risk.
The last one is probably the most difficult.
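One concrete check behind point 2, added here as an example and not code from the commenter: before trusting a distributed source tarball, compare its file manifest against the tree at the Git commit it claims to come from, and flag anything the tarball adds or changes. The function names (`manifest_from_dir`, `compare_manifests`) and the sample manifests are constructed for this illustration; the short hash strings stand in for real SHA-256 digests.

```python
import hashlib
import os
from pathlib import Path


def manifest_from_dir(root):
    """Map relative path -> sha256 for every regular file under root.
    The .git directory is skipped so a checkout at a given commit and an
    unpacked tarball can be compared directly."""
    result = {}
    root = Path(root)
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def compare_manifests(repo, tarball, ignore=()):
    """Return the files that differ between the tagged source tree (repo)
    and the distributed tarball, grouped by what happened to them.
    Paths in `ignore` (e.g. known build-generated files) are left out."""
    ignore = set(ignore)
    repo_paths = set(repo) - ignore
    tar_paths = set(tarball) - ignore
    added = sorted(tar_paths - repo_paths)
    removed = sorted(repo_paths - tar_paths)
    modified = sorted(
        p for p in repo_paths & tar_paths if repo[p] != tarball[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def tarball_is_clean(report):
    """A tarball is acceptable only if it introduces nothing the repo lacks
    and alters nothing the repo has; removed files are reported but are not
    by themselves a sign of injected content."""
    return not (report["added"] or report["modified"])


# Constructed sample manifests (hypothetical project; hashes abbreviated).
REPO_MANIFEST = {
    "configure.ac": "11aa",
    "src/main.c": "22bb",
    "m4/libtool.m4": "33cc",
}
TARBALL_MANIFEST = {
    "configure.ac": "11aa",
    "src/main.c": "22bb",
    "m4/libtool.m4": "33cc",
    "m4/extra-macro.m4": "44dd",  # present only in the tarball
    "configure": "55ee",          # generated file, also tarball-only
}


def sample_report(ignore=()):
    return compare_manifests(REPO_MANIFEST, TARBALL_MANIFEST, ignore)


if __name__ == "__main__":
    report = sample_report()
    print(report)
    print("clean:", tarball_is_clean(report))
```

In practice `repo` comes from `manifest_from_dir` on a fresh `git archive` of the tagged commit and `tarball` from the unpacked release; files that autotools generates (`configure`, `Makefile.in`) will show up as added and should be regenerated from the repository rather than allowlisted blindly, since an allowlist that is too broad is exactly where an extra macro file hides.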