Your solution seems to just incorporate OSS, and at some point it just isn't OSS anymore. The problem was not the developer of xz, it is the people that build upon it without reflection. Although, to be fair, almost every developer has a dependency like that somewhere.
I find it funny that people call to support the developer. That is true, but the scam was exactly about how the dev was pressured to hire more maintainers. The lesson here should be that if a third party is nagging you about your open source project, you just point them to the "no warranty" part. Everything else is their problem.
I wish the developer would swim in money. He did more constructive work than many, many very rich people. The problem still is that there is no entity that could be trusted to pay him. If that were a corporation, the pressure would be even higher, because then you are essentially a freelancing developer with a corporate contract. You lose freedom and independence, something many OSS developers specifically do not want.