[$] PyTorch and the PyPI supply chain
The PyTorch compromise that happened right at the end of 2022 was rather ugly, but its impact was not widespread - seemingly, at least. The incident does highlight some of the perils of relying on an external "supply chain" for the components that are used to build one's software. It also would appear to be another case of "security researchers" run amok, though perhaps that part of the story is only meant to cover the tracks - or ass - of the perpetrator.