The actual simplest solution is not for this maintainer to take on additional maintainers and "oversight". The simplest solution is for him to ignore all this and continue maintaining his project however he sees fit. People who release software as open source do not suddenly gain an obligation to mitigate perceived risks or follow corporate policies from their downstream users. This is just another iteration of managers yelling at open source volunteers for not responding to their bug reports in the way they want.

If this is a risk for the DoD, they have a number of options: review the code and subsequent changes, fork the project, write a replacement, (attempt to) buy a support contract, etc. None of these is the responsibility of the maintainer unless he chooses to help.

You had me going until here. This doesn't match my experience or that of any other Tesla owner I know. The more typical experience is that the first few updates are great. Then once your car isn't the newest model with the newest hardware inside, every update has a significant chance of introducing bugs that might or might not be fixed in a subsequent update. As far as I can tell, their regression testing doesn't cover anything more than the basics outside of the safety critical systems.

Having access to an individual coworker's pay does nothing except invite demoralizing comparisons. What if you make more? Is that because you're a better employee, or a better negotiator, or because your college GPA happened to be higher? Or maybe some other good or bad reason. Who knows? Their salary won't answer those questions for you, but it might easily make it uncomfortable to work together. It's rude to ask about other people's income because it's unhealthy and counter-productive to compare yourself to other people.

On the other hand, having access to anonymous, aggregated data about the compensation range of people doing similar jobs in a similar location is useful because it helps you see if your pay is within the normal range. Instead of demanding to see your coworkers' pay, demand to see the salary bands for your position (or just look on glassdoor). If you're within the normal range and otherwise happy with your situation, stop worrying about where your coworkers fall in the range. If you're below the normal range, ask for a raise or change jobs. If you're above the normal range and you're still not happy with your job, maybe it's time to decide whether money or happiness is more valuable to you. In any case, you don't need to know what any particular coworker takes home to make your decision.