They haven't particularly made a comment on the situation so much as acknowledged it's happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc.

(The sceptical tone isn't because of disbelief of Collin, it's because we don't know enough about the situation to be able to say Collin is or isn't telling the truth here.)

  • Alex@lemmy.ml
    ·
    6 months ago

    Don't be too hard on Collin. Looking back on the threads it's fairly clear he's been the victim of a social engineering attack on an overworked maintainer. People were pressuring him to hand over maintainership while expressing disappointment at the slow pace of development. The off-list contact by Jia must have seemed like a helpful enthusiastic solution to a burnt out developer.

    • 2xsaiko@discuss.tchncs.de
      ·
      6 months ago

      > People were pressuring him to hand over maintainership while expressing disappointment at the slow pace of development.

      Very likely that was part of the attack as well.

    • communism@lemmy.ml
      ·
      6 months ago

      I agree with that assessment, I'm not accusing Collin of anything. If it is what it seems to be then I feel very bad for him. Just being cautious with wording until things are more settled/until we know more is all.

  • spacedogroy@feddit.uk
    ·
    6 months ago

    I think if you read through this and take it at face value, there is a pretty clear picture of what happened: https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

  • lemmyreader@lemmy.ml
    ·
    6 months ago

    Archived version: https://web.archive.org/web/20240330134018/https://tukaani.org/xz-backdoor/