Mature open-source projects are vulnerable to admin-attack.