In my experience Russ Cox is always worth reading. But… in this case, only if you’re up to looking at extremely gnarly shell/sed/awk/etc incantations. These attackers were serious. #xz
@timbray The "timeline" posting might be more accessible to the nontechnical, because about half of it is about the social engineering: how the attacker spent two years getting a maintainer position with a combination of innocuous contributions to build reputation, and harassment from sock puppet accounts.
Add comment