First (?) hacked Emacs package
16 points by kana
I'm increasingly worried about becoming a victim of these kinds of supply chain attacks. By choice, I don't use any exotic software and, as such, my system is pretty close to a standard Fedora install, plus a few Vim packages, scientific Python libraries and some other stuff that just doesn't come to my mind right now. Regardless, I know that when I do install new software, I never check if the GitHub config is trustworthy or what the transitive dependencies are. It's impossible to individually guard against supply chain attacks; it takes too much time and requires too much expertise.
My best guess for a short-term solution is to stop installing the newest releases. It seems like these kinds of attacks are usually caught within a few weeks or months at maximum. Not installing new releases for a bit means that I also don't get new security patches, but I suspect that, on average, this isn't such a big deal when we're talking about mature software.