Yay. This is excellent news and hopefully the beginning of a trend.

No source code is perfect, and the xz utils vulnerability highlights how having everything fall to enthusiasts alone isn’t perfect. Adding some state level actors into the soup will hopefully add some additional validation to many key tool chains. (I wouldn’t trust state actors alone, as some governments clearly don’t have their citizens best interests at heart, but as another set of eyes to a public source, I think is good)