Everything I Know About the Xz Backdoor - Evan Boehs

Shared: | Tags: programming

xz, a widely used open source compression tool, introduced a backdoor with malicious code. This in turn has affected a number of applications and distributions, the most notable of which are Fedora, Debian (unstable, experimental) and Homebrew. Evan Boehs has pieced together a timeline of events going as far back as 2021, which tells the story of how JiaT75, using social engineering, became a trusted member of the open source project. Pressure (very harshly so) was applied to Lasse Collin, the sole active maintainer at the time, by seemingly multiple people to add another maintainer to xz. This coordinated attempt lasting two years is honestly quite shocking.

Read from link