XZ backdoor in a nutshell
  • A whitelisting application has a list of what it knows is bad AND what it knows in advance to be good.

    How would it know this? Is this defined by a person/people? If so, that wouldn't have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.

    This wasn't a case of some random package/program wreaking havoc. It was trusted malicious code.

    Also, you're asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).

    2
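The distinction in the comment above, an allowlist keyed on a package's identity versus one keyed on its content, as an added example that is not part of the original thread. The package name `liblzma`, the two artifact byte strings and their digests are constructed sample data, not real release contents; the `approve_digest` step stands in for the human review the commenter describes.

```python
import hashlib

# Constructed sample artifacts (not real xz releases): the build input that was
# reviewed once and trusted, and a later update from the same trusted project.
TRUSTED_ARTIFACT = b"liblzma source tree, reviewed release (constructed sample)\n"
UPDATED_ARTIFACT = b"liblzma source tree, later release with an altered build step (constructed sample)\n"


def sha256_hex(data: bytes) -> str:
    """Content digest used to pin an artifact rather than trust its name."""
    return hashlib.sha256(data).hexdigest()


# Policy A: allowlist keyed on identity. Once "liblzma" is on the list, every
# future artifact carrying that name is accepted, including a malicious update.
NAME_ALLOWLIST = {"liblzma"}

# Policy B: allowlist keyed on content. Only digests somebody has reviewed and
# approved are accepted; a new release fails until a human approves it.
DIGEST_ALLOWLIST = {"liblzma": {sha256_hex(TRUSTED_ARTIFACT)}}


def allowed_by_name(name: str) -> bool:
    """Policy A: is the package name on the list of known-good names?"""
    return name in NAME_ALLOWLIST


def allowed_by_digest(name: str, artifact: bytes) -> bool:
    """Policy B: has exactly this content been reviewed and approved for this name?"""
    return sha256_hex(artifact) in DIGEST_ALLOWLIST.get(name, set())


def approve_digest(name: str, artifact: bytes) -> str:
    """The human step (hypothetical reviewer action): add the new digest to the
    content allowlist. If the reviewer presumes the update is good because the
    project is trusted, malicious content becomes 'known good' under both policies."""
    digest = sha256_hex(artifact)
    DIGEST_ALLOWLIST.setdefault(name, set()).add(digest)
    return digest


def evaluate(name: str, artifact: bytes) -> dict:
    """Run both policies over one artifact and report each verdict."""
    return {
        "by_name": allowed_by_name(name),
        "by_digest": allowed_by_digest(name, artifact),
    }


if __name__ == "__main__":
    print("trusted release:", evaluate("liblzma", TRUSTED_ARTIFACT))
    print("later update:   ", evaluate("liblzma", UPDATED_ARTIFACT))
    approve_digest("liblzma", UPDATED_ARTIFACT)
    print("after approval: ", evaluate("liblzma", UPDATED_ARTIFACT))
```

The name-keyed policy accepts the update without anyone looking at it; the digest-keyed policy at least forces the changed artifact through review. It does not decide anything on its own, though: the moment a reviewer approves the new digest on the strength of the project's reputation, the outcome is the same, which is the commenter's point.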
  • Smart devices are turning out to be a poor investment
  • This is why I only buy shitty cheap Chinese IoT devices. Less likely that they're going to enshittify my devices for profit. Maybe use VLANs and a firewall, though.

    1
  • What we know about the xz Utils backdoor that almost infected the world
  • It's crazy how they pressured/manipulated the maintainer. Especially fucked up considering he wasn't in a good mental state and was still helping the community by maintaining FOSS software.

    8
  • Is TypeScript a fad or is my manager delusional?
  • What's the point of calling something a "fad"? If the technology works well and it provides value to you, why should you care what other people think?

    (Example: Look at PHP)

    13