Gabriel on Nostr: Couldn't find where I saw/heard about the XZ situation with that detail. Closest I ...
Couldn't find where I saw/heard about the XZ situation with that detail.
Closest I could find was this [OpenSUSE post:](https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/)
> Furthermore, others have already emphasized that the initial attack vector wasn’t technical. It wasn’t an archaic tarball. The actual initial attack was social engineering and used toxic behavior in communities. This is real and not only in this case affects the existing maintainers of open-source projects.
Closest I could find was this [OpenSUSE post:](https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/)
> Furthermore, others have already emphasized that the initial attack vector wasn’t technical. It wasn’t an archaic tarball. The actual initial attack was social engineering and used toxic behavior in communities. This is real and not only in this case affects the existing maintainers of open-source projects.