I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to be confined within the policies of nations; I guess if one day the government of USA starts to think that its a security concers for china to use and contribute to core opensource software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in someway or worse declare GPL software a threat to national security.
I’m not concerned that they followed the best advice of their lawyers to respond to the legal and political challenges that currently exist.
I am concerned that hostile nation states (define those as you will) have made supply chain attacks (remember the xz Utils backdoor) so common that actions like this or worse are becoming necessary and that open source, globally contributed software could be at risk.
This does very little to protect against supply chain attacks.
Your example shows that too.
Increasing modularity and reducing complexity of software seem to be the right way to that end. Plan9, GNU Hurd, Minix3 are interesting in that context.