Michael HanscomThe #xz news broke while I was at con and almost entirely offline, and what posts I’ve seen are technical enough that I haven’t _entirely_ understood it (I’m a fairly knowledgeable generalist geek, but no programmer), but I’m starting to get the impression that this is something along the lines of a modern version of #CliffStoll’s #CuckoosEgg? One person finds a tiny flaw that, once dug into, becomes a big “holy shit this is bad” realization?
Chris Radcliff@djwudi Yes. From what little I understand, “that’s odd” turned into “why is that there” which quickly became “oh no.” And the attack vector was “overworked maintainer bullied into accepting help and handing over access,” which leads to a sinking feeling of familiarity.
Paul Chambers🚧I saw a meme that summed the discovery up.
h/t @mookie https://happinessremixed.com/@mookie/112197159123118238
