Is this another subversion attack? Basically putting up some subverted package to a established one, that is lazily maintained and then created enough ruckus for the target to switch packages?