So, like most people, I'm pretty concerned that the principles of WordPress, its relationship with plugin vendors, hosting companies, and open source are currently in tatters. And it's widely agreed the person in charge is out of control. So far we have people blocked from updates, a hugely important plugin captured/held to ransom, and the reputation of WordPress being eroded with childish changes to important legal documents and even the wordpress.org login. Further threats/insults are now being reported from other plugin manufacturers and hosting companies.
With Matt still in control, the likelihood of further damage is highly likely, but how far will he go? We don't know because actions are impulsive and revenge driven, but to have gone as far as "stealing" a plugin, affecting millions of customers, I would be a fool to imagine he respects any boundaries, or still cares for the ecosystem as a whole. This is a dire situation.
One thing that worries me is what other options could be weaponized that we haven't thought of yet.
I'm sure there are many, but am I right in thinking that WordPress can push updates and critical fixes to every WordPress site? I'm sure they've done this before for critical security issues (the same reason used to take over ACF). If so, is there a way to plug this hole and protect sites from further damage via this method?
Can anyone think of other vectors WordPress could exploit to damage plugin authors, hosting companies, and website owners?