pretty interesting that github has only one hammer to respond to incidents like this and it's "block access to the repository so that nobody can see the source code history" apparently

(if i'm being generous, this might be to prevent dogpiling. but it sure does make all the commit references in the oss-security email this morning useless)