Has there been a single publicly known attack that would have been prevented by this?
Zero in Debian. They have enough other procedures to catch it.
Less diligent projects had it, but there are easier ways to fix it.
Several, actually. PyPI is regularly targeted in this way.