"The most troubling aspect is that there's too little supervision of changes in projects."
Nope! It's far less about supervision and far more about process. Especially in the FOSS world, which relies heavily on peer review & the user community to ferret out bad code, as happened in this case by someone doing database benchmark tests who noticed the SSH logins were taking much longer than normal. If you've ever found yourself supervising a bad process, you'd know this beyond a shadow of a doubt. I can't tell you the number of jobs where, as a technical person, I did way more work fixing bad & broken processes than I did fixing bad & broken workers, with the exception of the occasional incompetent, lazy or bad worker who doesn't want to follow process or is unable to. In which case, you set them free to find another job! =)