@malwareminigun @hyc @coderanger Well, there are two parts to the JiaTan situation:
1) Attackers gained control of the project
2) Attackers (now project owners) published malware

I can't think of any way to mitigate (2), but I can think of some ways to make it slightly easier to defend against (1). I'm open to ideas though!