see shy jo on Nostr: I count a minimum of 750 commits or contributions to xz by Jia Tan, who backdoored ...
I count a minimum of 750 commits or contributions to xz by Jia Tan, who backdoored it.
This includes all 700 commits made after they merged a pull request in Jan 7 2023, at which point they appear to have already had direct push access, which would have also let them push commits with forged authors.
Probably a number of other commits before that point as well.
Distributions are reverting the identified backdoor. This is insufficient given this volume of activity. Revert to before any of this
This includes all 700 commits made after they merged a pull request in Jan 7 2023, at which point they appear to have already had direct push access, which would have also let them push commits with forged authors.
Probably a number of other commits before that point as well.
Distributions are reverting the identified backdoor. This is insufficient given this volume of activity. Revert to before any of this