\s obviously
this post was submitted on 01 Apr 2024
445 points (97.6% liked)
linuxmemes
20686 readers
1016 users here now
I use Arch btw
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules
- Follow the site-wide rules and code of conduct
- Be civil
- Post Linux-related content
- No recent reposts
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
who's jia cheong tan?
Former maintainer of the .xz project for about a year or two. Hid a backdoor into the code that almost made it into many bigger distros if it wasn't found by a Microsoft employee.
More specifically, it's the name used by the attacker. Could well be multiple people, or if it's one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person's real life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try guess a timezone, though that's not foolproof as they could've just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they're in a different timezone, though I think the latter is unlikely and overkill.
so it's very well possible that they're a CIA agent named John?
Yep seems like a bigger organisation being involved considering fact that this was brewing 2+ years.
i think it's the person that snuck in the xz vulnerability