• RustmilianOP
    link
    English
    28 months ago

    Knowing whether software is maintained. I’m not sure that that would have actually produced a different outcome.

    It wouldn’t have because XZ maintainership was given to the attacker. The attacker ran an entire abuse operation using puppet accounts to manipulate the already vulnerable owner. The attacker used high level social engineering tactics and ran a long con.