Hacker News

Nullabillity | 12/09/2024 | 0 replies

The xz backdoor relied on a discrepancy between the development repository and the released (source) artifact.

While skipping the released tarballs wouldn't have prevented the problem entirely, it would have made it much harder to hide.
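An added example, not part of the comment above: one way a downstream packager could surface a repository/tarball discrepancy is to hash every file in the release tarball and compare it with the tagged repository tree. The file names, contents, and the `audit` and `make_tar` helpers are constructed for illustration.

```python
import hashlib
import io
import tarfile

def tar_digests(tar_bytes, strip=1):
    """Map path -> SHA-256 for regular files, dropping the top-level directory."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf:
            if not member.isfile():
                continue  # skip directories, symlinks, devices
            path = "/".join(member.name.split("/")[strip:])
            digests[path] = hashlib.sha256(tf.extractfile(member).read()).hexdigest()
    return digests

def audit(tar_bytes, repo_files):
    """Compare a release tarball with repo_files (path -> bytes at the release tag)."""
    rel = tar_digests(tar_bytes)
    repo = {p: hashlib.sha256(b).hexdigest() for p, b in repo_files.items()}
    return {
        "only_in_tarball": sorted(rel.keys() - repo.keys()),
        "only_in_repo": sorted(repo.keys() - rel.keys()),
        "modified": sorted(p for p in rel.keys() & repo.keys() if rel[p] != repo[p]),
    }

def make_tar(prefix, files):
    """Build a gzip tarball in memory (used only to construct the sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{prefix}/{path}")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: the tree at the release tag ...
REPO = {
    ".gitignore": b"*.o\n",
    "configure.ac": b"AC_INIT\n",
    "m4/check.m4": b"# check\n",
    "src/main.c": b"int main(void){return 0;}\n",
}
# ... and a release that adds a generated file and alters one tracked file.
RELEASE = {k: v for k, v in REPO.items() if k != ".gitignore"}
RELEASE["configure"] = b"#!/bin/sh\n# generated\n"
RELEASE["m4/check.m4"] = b"# check\n# line that is not in the repository\n"

if __name__ == "__main__":
    print(audit(make_tar("demo-1.0", RELEASE), REPO))
```

In practice `repo_files` would be read from a `git archive` of the release tag; generated files such as `configure` legitimately appear under `only_in_tarball`, so that bucket still needs human review.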