How difficult is it for the US government to supply chain attack other countries that are using popular Python packages such as PyTorch given their power over these kind of global software infrastructure under US internal law? Are we able to assess it given there are gag orders as well?