True, however, that has been the case for quite a while. This particular incident doesn't change that, except for the VeraCrypt developer, who is in a crappy situation now (not just regarding VeraCrypt, he mentions he was using the certificate for his main job as well, so this sucks a lot for him).

Well, of course. Have the other commercial offerings every been "truly open OSes"?

Until Microsoft decides to no longer sign the Linux boot loader shim (for IBM/Red Hat, no less).

Except compulsory age verification in Linux is now becoming a real threat. Some Linux distros are actively against this but many are not seemingly interested in fighting it: CachyOS, Ubuntu, Fedora and others.

Age Verification is the thin end of a much bigger wedge in "open" OS's