Hacker News new | ask | show | jobs
by ericpruitt 798 days ago
> Is not possible the attacker simply took over the account of some one genuinely getting involved in the community either hacked or just with $5 wrench and then committed the malicious code ?

Given the behavior of the accounts that applied pressure on the original xz maintainer, this seems unlikely to me.
1 comments
ilvez 798 days ago
Or they just bought the guy at one point, because I understood the malicious behaviour started quite recently.
link
timschmidt 797 days ago
Jia Tan's very first commit two years ago made suspicious changes to liblzma. See the timeline here: https://boehs.org/node/everything-i-know-about-the-xz-backdo...
link