[taspeotis]

Yes, Lenovo link to it themselves [1].

[1] http://support.lenovo.com/us/en/product_security/superfish_u... "Automatic Removal Tool Source code"

[cma]

Also possible that a Lenovo employee was at a coffee shop using wifi connected to the corporate CMS using http"s" and someone unrelated to Lenovo linked their fake repo on his/her behalf.