Do you know if it was actually the commit author, of if their commit access was ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		thayne on March 30, 2024 \| parent \| context \| favorite \| on: Backdoor in upstream xz/liblzma leading to SSH ser... Do you know if it was actually the commit author, of if their commit access was compromised?

bpye on March 30, 2024 [–]

If it was a compromise it also included the signing keys as the release tarball was modified vs the source available on GitHub.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact