\s obviously

    • Wilmo Bones
      link
      Akan
      21
      edit-2
      8 months ago

      Former maintainer of the .xz project for about a year or two. Hid a backdoor into the code that almost made it into many bigger distros if it wasn’t found by a Microsoft employee.

    • @[email protected]
      link
      fedilink
      168 months ago

      More specifically, it’s the name used by the attacker. Could well be multiple people, or if it’s one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person’s real life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try guess a timezone, though that’s not foolproof as they could’ve just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they’re in a different timezone, though I think the latter is unlikely and overkill.

      • stebo
        link
        fedilink
        78 months ago

        so it’s very well possible that they’re a CIA agent named John?

      • Hovenko
        link
        fedilink
        68 months ago

        Yep seems like a bigger organisation being involved considering fact that this was brewing 2+ years.