@danderson I think it's important to give credit where credit is due. Yesterday someone discovered it on Github, prior to the repo being taken down. I saved the malicious commit link, because I found it interesting.

Last night (long after all my Mastodon posts, so don't read much into them) I joined the tukaani IRC server, because I was curious if Lasse was aware yet. While I was there I mentioned the issue with that commit, and Lasse pushed the fix. We 1/2

@eb @endrift the only thing Lasse would gain out of that is that they'll likely continue to be maintainer now that this has been discovered. I don't think that's close to enough reason for them to orchistrate all the conversations, so I'm not buying that theory tbh

It seems more likely that Lasse got bought out (or convinced) by Jia, after Jia gained his trust

That said, the most likely explanation imo is that Lasse was telling the truth in the PR description and wanted RISC-V filter 1/2

@eb Another interesting thing: https://www.mail-archive.com/xz-devel@tukaani.org/msg00570.html conflicts with the fact that, according to https://github.com/xz-mirror/xz/commits?author=JiaT75&after=74c3449d8b816a724b12ebce7417e00fb597309a+244, JiaT75 hadn't commited anything, he'd only authored stuff (I hope I'm reading that page correctly)

The linked message is definitely an attempt by Jia to request commit access

@eb @[email protected]

I kinda doubt Dennis Ens is either. He initially opened the thread, likely to plant the idea that xz needs a new maintainer. He then came back to guilt trip "I am sorry about your mental health issues, but...the community desires more"

EDIT: I initially misread "desires" as "deserves". I think my point still stands though