<p><span class="h-card" translate="no"><a href="https://twit.social/@jann" class="u-url mention">@<span>jann</span></a></span> an update on this: the only way to stop the spread of malware was to disable the repo. As in other cases, researchers can contact us for access, but in a situation like this, it might not be ideal to nuke the repo, but it’s the only thing we can do to prevent the spread of malware. It’s a tricky problem but I’m pushing for us to offer more clarity around how our process with this works.</p>