How about Gitea?
I agree, mistakes and vulnerabilites happen in all software commercial and open. Now I can only speak for RetroDECK but, we also make mistakes and need to do minor patches to fix those.
I think Jorge and the team handled it as you should: Be transparent, inform on all channels they can and learn from your mistakes.
Me personally have full confidence in them.
Those that try to hide or shift blame of mistakes are a bigger red flag in my book.
Jorge, Kyle and the others over at ublue is doing a great job with their Fedora spins.
I run Bazzite on all my computers and if you got a full AMD system you can even get full gamemode running by installing the deck image. This in turn give you the best controller experience for games, as Desktop Steam got several issues with Steam Input valve have not fixed yet.
But not all credit should go to them for this but also ChimeraOS team, Nobara and others that are constantly working on an improved gaming experience on Linux.
When developing RetroDECK Steam Input profiles I mainly use the Steam Deck with SteamOS and Bazzite on my desktop to test them.
There is https://github.com/ShadowBlip/OpenGamepadUI/
As well.
RetroDECK uses ES-DE but don’t support native games yet, so pure ES-DE is better for this.