daniel:// stenberg://In an almost spooky coincidence I wrote about backdooring #curl exactly on this day three years ago: https://daniel.haxx.se/blog/2021/03/30/howto-backdoor-curl/
"If the attacker instead can just sneak the code directly into a release archive then it won’t appear in git, it won’t get tested and it won’t get easily noticed by team members!"
... like... xz.
alex