[thinkingemote]

They did communicate off list and non publicly, that's as much as we know at the moment.

As an open source developer he might have received donations too from the adversary - it's reasonably common for devs to get donations to "say thanks". He might have had voice chats with them, who knows. The emails might be with LEO at the moment but I think its in the public interest for all communications to be released.

[netol]

It is unfortunate that Lasse Collin has been silent about what he knows about him

[imglorp]

If LEO is involved, they wouldn't be disclosing evidence to avoid the public interacting with suspects or possibly leapfrogging them and tipping off someone new.

In this case the public would benefit from knowing quickly who are the bad actors and what other projects they touched.

[netol]

This makes sense

[dralley]

Can we not dogpile Lasse after his vacation was ruined by this. He has much bigger concerns right now than trying to export and sanitize his entire communication history with Jia.

[netol]

I have a lot of respect for xz's original author, I just didn't think about the legal stuff, and that sounds quite reasonable to me now.

Personally, I find it hard to subscribe to certain theories, such as the possibility of Lasse being impersonated or involved in the incident. But that doesn't mean we should dismiss them outright at this stage. (And I'm sorry if you don't like to hear that, saying this is not comfortable for me either).

[account42]

Lamenting the lack of public information is a far cry from dogpiling on the guy.

[blindfolded_go]

For his own personal safety, he might not want to get on the bad side of whatever (powerful) actor was behind this exploit.