Kevin Beaumont on Nostr: Really good timeline of what is known to have happened so far. It looks like the ...
Really good timeline of what is known to have happened so far. It looks like the rogue developer deliberately introduced a vulnerability in another package, too - I haven’t seen anybody else mention this.
Reading the dev’s GitHub history, they’ve been making changes to other open source projects too around compression. It also appears they/somebody involved has other accounts, too.
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Published at 2024-03-30 12:01:51
Event JSON
{
"id": "100bbc910fe61f894aac54866308a8170c2f7c1bff6ebc38a5a000d73fb0071a",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1711800111,
"kind": 1,
"tags": [
[
"e",
"5332436b98e97094a15195825e159eb9c8fa691cbe1bd8c8291e9d74e3558d91",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/112184532084137978",
"activitypub"
]
],
"content": "Really good timeline of what is known to have happened so far. It looks like the rogue developer deliberately introduced a vulnerability in other package, too - I haven’t seen anybody else mention this. \n\nReading the dev’s GitHub history, they’ve been making changes to other open source projects too around compression. It also appears they/somebody involved has other accounts, too. \n\nhttps://boehs.org/node/everything-i-know-about-the-xz-backdoor",
"sig": "89a878f0681ca7329696f09375f5e3f20a8052259e794211602b26048b44f8187163835ca940e46ffd6f5bc7f547f546dbea74c266728c4f1f35df380bd2e235"
}