\s obviously

    • Wilmo Bones@lemmy.world
      link
      fedilink
      Akan
      arrow-up
      20
      ·
      edit-2
      7 months ago

      Former maintainer of the .xz project for about a year or two. Hid a backdoor into the code that almost made it into many bigger distros if it wasn’t found by a Microsoft employee.

    • communism@lemmy.ml
      link
      fedilink
      arrow-up
      16
      ·
      7 months ago

      More specifically, it’s the name used by the attacker. Could well be multiple people, or if it’s one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person’s real life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try guess a timezone, though that’s not foolproof as they could’ve just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they’re in a different timezone, though I think the latter is unlikely and overkill.