If you DDOS GitHub as a whole, how does that call attention to the one project a bad guy has trojaned?
If the project has mostly "commercial" developers then chances are they work on it during the week. DDOS GitHub during the week and let off for the weekend. That gives a few days worth for your trojan to be downloaded by the unsuspecting. People will also have tired hearing about the "github news" so new news about trojaning will take a little longer to disperse.