Let this thread act as a table of contents for the software contributions found to be malicious or done in ill intent. With every story that you send in the comments, I will add a respective entry to the list in chronological order. Each entry in the chronology will show the date and the appropriate name, linking to your comment.
Please, give a summary in the words that you understand, point out the date it was effective and provide reliable links. These links may include the detailed report (required), malicious source and the fix (if any).
The important takeaway for me was that, like @AustinPowers1935 dealing with malefactor’s remnants, we need to come up with the better solution, not simply quarantine “modules” (in this case, entire translation).
Yes, disabling locale for the installer looks like a correct thing to do by Canonical’s protocol and it’s safe - but it is also malleable to the whims of outside contributors going unchecked. That “Danilo” troll is probably laughing in their cage of a room about how their mischief has caused an alleged drop in Ukrainian userbase of Ubuntu, even if the effects of hate speech AND the lack of installer (on top) were there just for a short while.
This all has birthed in the team a late realization about how resilient Canonical’s review process should be.
My take away is how can we prevent this from happening. A PR will be created from Weblate towards GitHub. I think there people can peer-review the translations before it’s getting merged.
EDIT: The problem is you can’t read all languages maybe. So translation PRs might require multiple approvals.