Hey it's totally cool that #Microsoft #GitHub blocked access to one of the repositories in the very center of the #xz backdoor saga.  

It's not like a bunch of people are scrambling to try and make sense of all this right now, or that specific commits got linked to directly from media and blogposts and the like.  

Cool, cool. 

#InfoSec #Backdoor

@rysiek

Seems reasonable that they would block it. Sources can be made available to people looking into it, assuming they don't already have a local clone.

But leaving it available to the public would allow copycats or other bad actors to study the code as well.

@eric that's bull, sorry.

First of all, it's available in hundreds of other places, the cat is way out of the bag here.

But secondly, for figuring out what had happened an *authoritative* source repository is crucial. That GitHub repository is the authoritative one for this project. That's why everybody's been linking to it in the first place.

Now these links are gone, and the situation is ripe for someone to create a faux copy maliciously and try to trick people into analyzing that instead.
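One way to guard against the faux-copy problem raised above: git ids are content addresses, so any copy can be checked against a commit id published for the authoritative repository by recomputing it. This is an added example, not part of the thread; all file contents, metadata and ids in it are constructed placeholders, not real xz commits.

```python
import hashlib
from typing import Dict, List

# Added example (not from the thread): recompute git object ids so a mirror or
# re-hosted copy can be checked against a commit id taken from an authoritative
# source. Everything below is constructed placeholder data.

def git_object_id(kind: str, body: bytes) -> str:
    """Git's content address: SHA-1 over '<kind> <size>' + NUL + body."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def blob_id(data: bytes) -> str:
    return git_object_id("blob", data)

def tree_id(files: Dict[str, bytes]) -> str:
    """Flat tree of regular files (mode 100644); entries sorted by name as git requires."""
    body = b""
    for name in sorted(files):
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(files[name]))
    return git_object_id("tree", body)

def commit_id(files: Dict[str, bytes], parents: List[str], author: str, committer: str, message: str) -> str:
    """Commit id over the tree id, parent ids, author/committer lines and the message."""
    lines = [f"tree {tree_id(files)}"]
    lines += [f"parent {p}" for p in parents]
    lines += [f"author {author}", f"committer {committer}", "", message]
    return git_object_id("commit", "\n".join(lines).encode())

def mirror_matches(expected_commit: str, files, parents, author, committer, message) -> bool:
    """True only if the copy's data reproduces the id published by the authoritative
    source (e.g. the commit id in an advisory or blog post link)."""
    return commit_id(files, parents, author, committer, message) == expected_commit

# Constructed sample repository state (placeholder ids, not real xz commits).
AUTHOR = "Example Maintainer <maintainer@example.invalid> 1711700000 +0000"
FILES = {"README": b"example project\n", "configure.ac": b"AC_INIT([example], [0.1])\n"}
PARENT = "0" * 40  # placeholder parent id
MESSAGE = "Build: tweak configure checks\n"
# Stands in for the id obtained from the authoritative repository or a published link.
AUTHORITATIVE_ID = commit_id(FILES, [PARENT], AUTHOR, AUTHOR, MESSAGE)

# A copy with one silently altered file must fail the check.
TAMPERED_FILES = dict(FILES, **{"configure.ac": b"AC_INIT([example], [0.1])\n# extra line\n"})

if __name__ == "__main__":
    print("genuine copy matches:", mirror_matches(AUTHORITATIVE_ID, FILES, [PARENT], AUTHOR, AUTHOR, MESSAGE))
    print("tampered copy matches:", mirror_matches(AUTHORITATIVE_ID, TAMPERED_FILES, [PARENT], AUTHOR, AUTHOR, MESSAGE))
```

The same ids are what `git hash-object` and `git rev-parse` produce, so a real check just compares `git rev-parse HEAD` in the copy with the id from the authoritative link.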

@rysiek @eric There is a reliable archival copy at https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://github.com/tukaani-project/xz&snapshot=bcdaf33e1b3864c1c5f52dca8389a8f68d679e03

Still, the same sorts of concerns apply to the availability of meta discussion on GitHub for analysis. The release tarballs seem especially crucial, though I expect these also are archived e.g. by Debian.


@LiberalArtist @rysiek

"the same sorts of concerns apply to the availability of meta discussion on GitHub for analysis"

Yeah, comments on issues/PR would still need to be made available for those investigating, and that wouldn't be available in the git logs.

@LiberalArtist @rysiek @eric That doesn't help with existing links that are now broken by GitHub's actions. Besides that, the Software Heritage Archive has a lot of problems (e.g.: https://cohost.org/arborelia/post/5169338-the-software-heritag) that make it a bit suboptimal to rely on.