
LLM commit scanning might be an interesting approach to the OSS supply chain security problem.


Commit scanning probably wouldn't have caught this, since the backdoor happened outside of any commit.

Comparing the tarball's contents against the VCS repository would've likely made this easier to catch, but at that point you might as well just use the VCS repository directly.
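The tarball-versus-repository comparison this comment suggests, as an added example that is not code from the thread: it hashes every file in a release tarball and in a VCS checkout and reports what the tarball adds or changes relative to the repository. The sample repo, tarball and file names in `demo()` are constructed for illustration.

```python
# Added example: diff a release tarball against a VCS checkout. Anything the
# tarball carries that the repository does not, or whose content differs from
# the repository copy, is reported for review.
import hashlib, io, os, tarfile, tempfile

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tree_digests(root: str) -> dict:
    """Relative path -> sha256 for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = _sha256(fh.read())
    return out

def tarball_digests(tar_path: str) -> dict:
    """Path (top-level directory stripped) -> sha256 for files in the tarball."""
    out = {}
    with tarfile.open(tar_path, "r:*") as tar:
        for m in tar.getmembers():
            if m.isfile():
                out[m.name.split("/", 1)[-1]] = _sha256(tar.extractfile(m).read())
    return out

def compare_tarball_to_vcs(tar_path: str, vcs_dir: str) -> dict:
    """Files only in the tarball, only in VCS, and present in both but changed."""
    tar, vcs = tarball_digests(tar_path), tree_digests(vcs_dir)
    return {
        "only_in_tarball": sorted(set(tar) - set(vcs)),
        "only_in_vcs": sorted(set(vcs) - set(tar)),
        "modified": sorted(p for p in tar if p in vcs and tar[p] != vcs[p]),
    }

def demo() -> dict:
    """Constructed sample (hypothetical names): a checkout, and a tarball that
    adds one m4 file and alters one script that is tracked in VCS."""
    work = tempfile.mkdtemp()
    vcs = os.path.join(work, "repo")
    os.makedirs(os.path.join(vcs, "m4"))
    files = {"configure.ac": b"AC_INIT\n", "m4/a.m4": b"dnl a\n", "build.sh": b"make\n"}
    for rel, data in files.items():
        with open(os.path.join(vcs, rel), "wb") as fh:
            fh.write(data)
    tar_path = os.path.join(work, "release-1.0.tar.gz")
    released = dict(files, **{"m4/extra.m4": b"dnl extra\n", "build.sh": b"make all\n"})
    with tarfile.open(tar_path, "w:gz") as tar:
        for rel, data in released.items():
            info = tarfile.TarInfo("release-1.0/" + rel); info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return compare_tarball_to_vcs(tar_path, vcs)
```

In practice the "only_in_tarball" list is where generated autotools output lands, so each entry there still needs to be regenerated from the repository and compared rather than waved through.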


I wonder if an LLM could have spotted the malicious patches to autotools in the dist tarball...

A public, deterministic and assured build facility for OSS would be cool. Also maybe a deprecation of autotools.


Maybe, but good luck getting an LLM (one which does not include analysis of this particular attack in its training data) to spot this attack with a prompt that doesn't also create thousands of false positives when focused on the millions of non-malicious commits out there. I think we're decades away from them being that good.



