maciejb.me

This is a collection of links and quotes from the many articles published on the topic of the recent XZ Utils attack. There is no original research here. Andres Freund’s email to Openwall mail list, that publicly disclosed the vulnerability Bash Obfuscation Explained from gynvael.coldwind.pl two pieces by Russ Cox: Timeline of the xz open source attack and The xz attack shell script Filippo Valsorda’s thread on Bluesky I found Russ Cox’s Timeline of the xz open source attack to be particularly informative on the social / human aspects of the operation. Here is an excerpt: ...