Given PyPI has been a vector for distributing malware into dependency chains, wouldn't you think that would be a more likely target for the DoJ over one of HN's favorite axes to grind?