The rejection of OAuth usage is justified, as depicted in the Medium article; however, many developers, for various reasons, did not have an SSH key at the time of the snapshot, excluding them entirely from the distribution.
To my knowledge, no warning was given beforehand, making this situation frustrating for many of us.
Why not perform another scan for accounts not picked up ? Doing so with a beforehand warning would leave no space for complain or debates, just like the end date of claiming window leaves to space for debate, since it was a stated rule from the beginning.
Right now, the usage of SSH keys as a main criteria with no warning when it is a random criteria picked unilaterally with no precedent feels like a hole in the distribution.
Best way to do this would be to withdraw all the remaining FLT-DROP tokens, which is possible for the Executor (DAO). Then, the DAO would to deploy a new contract to distribute the remaining tokens, with a new Merkle Tree that would include new Github Account picked up by the Re-scan & consider the 4500 addresses that already claimed their tokens. Doing so, it would require no additionnal action from the addresses that already claimed.