One of its main packagers lives in China, which is, you know, not exactly privacy-friendly… This of course would’ve been fine if all Arch Linux packages were reproducible, but this is not yet the case (see <reproducible DOT archlinux DOT org>).
Location: Wuhan, China
I couldn’t report this on <github DOT com SLASH privacytools> because GitHub rejects registration attempts made using Tor Browser. You should really self-host GitLab or something…
Sorry for the links, this forum doesn’t let me post more than two.