Yes, it would have prevented this attack. It isn’t totally sufficient but it’s quick and easy and would have prevented this attack.
“Most people don’t want …”
I get it. I think the issue is that pushing junk code from malicious contributors into your project causes more hassle in the long run. If you just want to code and make stuff work, you should probably be careful who you pull from. It’s not just for the benefit of others, it’s first and foremost to protect the code base and the time and sanity of other contributors.
"Sorry, we had to kill open source software because bad people exist" -Microsoft laughing all the way to the bank.
The more paranoid walls you put up the more actual contributors getting into the movement say "eh, screw this, who wants to code anyway".
This isn't just a problem with OSS, this is a fundamental issue the internet as a whole is experiencing and no one has good answers that don't have terrible trade-offs of their own.