Could the XZ backdoor have been detected with better Git and Debian packaging practices?

How did the changes in the binary test files tests/files/bad-3-corrupt_lzma2.xz and tests/files/good-large_compressed.lzma, and the makefile change in m4/build-to-host.m4, manifest to the Debian maintainer? Was there a chance of noticing something odd?
