Why Nostr? What is Njump?
2024-03-30 17:10:34

Dave Anderson on Nostr: The poor original maintainer of xz is on it now, and has already found another "fun" ...

The poor original maintainer of xz is on it now, and has already found another "fun" thing: https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f9cf4c05edd14dedfe63833f8ccbe41b55823b00 . The configure check for enabling the Landlock sandboxing facility was subtly broken, so that Landlock support would never get enabled. The original malicious commit landed around the same timeframe as the main backdoor, also at an abnormal time of day compared to the new maintainer's historical activity pattern.
Author Public Key
npub16272q2qvgcswvunpmmr7lelwcjcu5vhdxlyyjkxkca44w5npxtzs9wje7e