What I don't get about the xz backdoor story: why would Microsoft disable the xz repository on Github? The backdoor was clearly planted by the commits of user JiaT75; there was no foul play by the maintainers.
Who is helped by axing the whole repository (including the evidence)? What future risk is averted by this?
TBH I'm almost more concerned by this than by the original exploit.
gábor ugray /
npub1s5…kdscq
2024-03-30 09:45:05
Author Public Key
npub1s55h5avy5rp363lkm8jm0x6dy4qc45z6smwu9x74w0n5rr2pd46slkdscqPublished at
2024-03-30 09:45:05Event JSON
{
"id": "6af4da630f0f278fbba82911008da8c16d36651185aef5c0587ff448e48ecd75",
"pubkey": "85297a7584a0c31d47f6d9e5b79b4d25418ad05a86ddc29bd573e7418d416d75",
"created_at": 1711791905,
"kind": 1,
"tags": [
[
"proxy",
"https://genart.social/users/twilliability/statuses/112183994334380033",
"activitypub"
]
],
"content": "What I don't get about the xz backdoor story: why would Microsoft disable the xz repository on Github? The backdoor was clearly planted by the commits of user JiaT75; there was no foul play by the maintainers.\n\nWho is helped by axing the whole repository (including the evidence)? What future risk is averted by this?\n\nTBH I'm almost more concerned by this than by the original exploit.",
"sig": "e031409d514569421ca44d7190067a9ad62bf056b7045e9dc21191b63626579fe7cf8e126fa77a61264be5addc286f07902fadf751936134334c414e60649504"
}