A Small Note on Comparisons in the xz Fiasco
The xz fiasco has made fascinating reading, and brought up some real questions about open source development and overall safety.
It's also brought up some slightly malformed thoughts on 'open source vs proprietary'.
If comparisons were to juxtapose operating system safety, then it seems misplaced, given that Windows, OSX, and Linux all use xz.
The choice of OS doesn't seem to help here.
Or if the comparison were to juxtapose development methods, this seems to compare a known thing - how xz is developed - with an unknown thing - how Windows develops its tooling.
I can't see what most of these comparisons really want to juxtapose. The various comments seem to leave this as an exercise to the reader.