I'm not sure that flies if an official regulated entity is involved. For example, a non-profit or something that spearheads a project (as with Linux). Maybe best efforts to collect dev data will suffice, but this is somewhat unchartered territory (for FOSS software) in the US from what I can tell. It may not suffice and anon devs may just get booted anyway.

The best strategy could be to let the regulated arm do what it has to and then use the right to fork for those of us who aren't regulated non-profits or whatever.

I'm honestly not sure how this plays out. Centralized funding is an obvious issue here because that's the attack vector government is using. It isn't practical to go after every single one of us pulling from repos.

I think the result is going to be greater fragmentation, lower quality and less secure software in the long run. Hopefully I'm wrong.

Either way, forking Linux outside the US may help, but so many other US based projects are using it that I just don't think it's practical. The whole thing is goofy.