it requires OAuth, not github's OAuth

If you've successfully logged in with non-Github OAuth, can you substantiate that with steps to reproduce? E.g,

1. Navigate to https://open-vsx.org/

2. [etc…]

Haven't tried it myself but you can always go to the code and do it yourself : I think the confusion here is that https://open-vsx.org/ requires github which is normal, they can require whatever they want you can even go in and add something else => https://github.com/eclipse/open-vsx.org

or roll your own : https://github.com/eclipse/openvsx

Why wouldn't you just say, "oops, I was wrong" instead of.... whatever you're trying to do right now?

open-vsx.org only requires login for publishers. Downloading / installing extensions is done anonymously.

You write as if you're providing some additional information that debunks the criticism here, but you're not. Stop trying to strawman and re-contextualize the conversation.

open-vsx.org is billed as "a public registry for open-source VS Code extensions, accessible for everyone" and a "vendor-neutral" "alternative" to Microsoft's own registry. To be implemented in such a way that folks can only publish to it by logging in using an auth service run by the other registry operator amounts to a compromise at the existential level.