This only ensures the backdoors are coming from governments that issued the clearances, nothing more. I prefer more competition, at least there is incentive to detect those issues.
It will ensure that my OS doesn't have code from random Gmail accounts. If someone with U.S clearance submits a backdoor, they should either be charged in the U.S, or extradited to somewhere that will charge them. We have no idea who this person is, and even if we did we probably could not hold them accountable.
I have worked with people (well, consultants) hired based on the fact they breathe - I would much rather jump thorough some hoops than to have to work with them ever again.
Note, I haven't used C in 15 years, have never looked at memcached code and in fact the last time I used memcached was before redis even existed.
It took me ~26 mins which included reading the article, googling the memcached repo, downloading all dependencies, compiling a first build, grepping for references to incr and adding mult with support for negative arguments, refactoring the guts of incr into two functions to support the changes, compiling, fixing a few compiler bugs then testing, given a few more minutes I'd probably be able to get it PR ready with a full test suite.
