by thewavelength 808 days ago
Please read this email [0] from the original author of xz. Try to take his perspective in his described situation.

I also recommend this summary [1].

[0] https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.h...

[1] https://boehs.org/node/everything-i-know-about-the-xz-backdo...

1 comments

I am not assigning any personal blame or making an accusation of bad judgement on the maintainer.

Taking contributions from anons appears to be common. I am suggesting that should change.

Contributions from anons can and in most cases will be verified by maintainers. The actual problem here is appointing them as maintainers.

EDIT: To be clear, this problem is not directed to the original xz maintainer, but more about how to prevent or reduce such appointments in the first place.