It's weird and disturbing that this isn't the default perspective.

Rolling back two years worth of commits made by a major contributor is going to be hell. I'm looking forward to see how they'll do this.

Hoe will you do that practically though? That’s probably thousands of commits upon which tens or hundred thousand commits from others were built. You can’t just rollback everything two years and expect it not to break or bring back older vulnerabilities that were patched in those commits.

I don’t thinks that’s necessary: there are enough eyes on this person’s work now.