[codetrotter]

> zero transparency

> could be a state actor trying to lay the foundation for future backdoors

idk if presence of “names” are a good signal to indicate otherwise either

https://www.wired.com/story/jia-tan-xz-backdoor/

[nextaccountic]

It's the contrary. It's only because we can identify Jia Tan's contributions that we can throw out just his contributions and revert to (say) xz 3.2

If xz contributors were anonymous, we would need to throw out the whole thing

[codetrotter]

If the Minibone repo turns out to be malicious I don’t think it makes much of a difference whether they are committing as one anonymous user, or as 12 fake people.

[nextaccountic]

Tracking the fake people still give some information (for example, the more sock puppets, the harder it is to simulate discussions in issues, PRs, etc)