FYI, there's a white paper out by Dan O'Dowd of Green Hills Software (see http://www.ghs.com/linux/manyeyes.html) that "It is trivial to infiltrate the loose association of Linux organizations which have developers all over the world, especially when these organizations don't even try to prevent infiltration, they accept code from anyone."
Although I don't agree with the positions expressed in the paper, I still find it interesting to hear what folks have to say. A story re the paper has been picked up by Computerworld and LinuxSecurity.com thus far. Cheers, Ken van Wyk http://www.KRvW.com