gábor ugray on Nostr: What I don't get about the xz backdoor story: why would Microsoft disable the xz ...
What I don't get about the xz backdoor story: why would Microsoft disable the xz repository on Github? The backdoor was clearly planted by the commits of user JiaT75; there was no foul play by the maintainers.
Who is helped by axing the whole repository (including the evidence)? What future risk is averted by this?
TBH I'm almost more concerned by this than by the original exploit.
Published at
2024-03-30 09:45:05Event JSON
{
"id": "6af4da630f0f278fbba82911008da8c16d36651185aef5c0587ff448e48ecd75",
"pubkey": "85297a7584a0c31d47f6d9e5b79b4d25418ad05a86ddc29bd573e7418d416d75",
"created_at": 1711791905,
"kind": 1,
"tags": [
[
"proxy",
"https://genart.social/users/twilliability/statuses/112183994334380033",
"activitypub"
]
],
"content": "What I don't get about the xz backdoor story: why would Microsoft disable the xz repository on Github? The backdoor was clearly planted by the commits of user JiaT75; there was no foul play by the maintainers.\n\nWho is helped by axing the whole repository (including the evidence)? What future risk is averted by this?\n\nTBH I'm almost more concerned by this than by the original exploit.",
"sig": "e031409d514569421ca44d7190067a9ad62bf056b7045e9dc21191b63626579fe7cf8e126fa77a61264be5addc286f07902fadf751936134334c414e60649504"
}
