- Enforcement of blob-generating code to be committed too and a test to check if someone has tampered with the blobs. Or generate test-blobs just before execution. In short: have everything readable.
- Once a project is referenced just over a reasonable threshold the maintainer should be checked and may transfer the ownership if the new maintainer is verified too.
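The first point above, regenerating test blobs from committed generator code and checking the committed copies against them, as an added example that is not from the original thread. The generator, the recipe table and the sample blobs are all constructed for illustration.

```python
import hashlib
import zlib


def generate_blob(seed: str, size: int) -> bytes:
    """Deterministically regenerate a test blob from a short recipe.

    Hypothetical generator: a compressed pseudo-random byte stream seeded by
    the blob's name, so only (seed, size) needs to be reviewed, not the bytes.
    """
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return zlib.compress(bytes(out[:size]))


# Recipes checked in next to the generator (constructed sample).
BLOB_RECIPES = {
    "sample_small.bin": ("sample_small.bin", 1024),
    "sample_large.bin": ("sample_large.bin", 4096),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_blobs(committed: dict[str, bytes]) -> list[str]:
    """Regenerate every blob and return the names whose committed bytes differ.

    A missing blob counts as tampered, so the check cannot pass by deletion.
    """
    tampered = []
    for name, (seed, size) in BLOB_RECIPES.items():
        expected = sha256_hex(generate_blob(seed, size))
        actual = sha256_hex(committed.get(name, b""))
        if expected != actual:
            tampered.append(name)
    return tampered


def sample_check() -> list[str]:
    """Constructed scenario: one blob intact, one with extra bytes appended."""
    committed = {n: generate_blob(*r) for n, r in BLOB_RECIPES.items()}
    committed["sample_large.bin"] += b"\x00extra\x00"  # simulated tampering
    return verify_blobs(committed)
```

Run `verify_blobs` in CI over the files actually checked in; any name it returns is a blob whose bytes no longer match the reviewable recipe.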
Read pull requests
The companies making billions (trillions?) off this stuff could actually fund it and stop relying on exploiting naive code monkeys.