Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Are you raising the same concerns and targeting individuals behind all other sensitive projects? No, because that would be insane.

It's weird to have one set of standards to a maintainer since 2009 or so, and different standards for others. This witch hunt is just post-hoc smartassery.



Yes, I think if a project has backdoors and its old maintainers are unable to review them, I am more critical than with normal projects. As said, compression is used everywhere and in embedded systems, it touches a lot of critical stuff. And the project went straight for that since the beginning.

And this is in part because I can not even tell for sure that he even exists. If I had met him a few times in a bar, I would be more inclined to believe he is not involved.


I'm inclined to believe that whatever state actor was involved sent a memo to their sockpuppets to do whatever they can to deflect blame away.

See what I did there?


> As said, compression is used everywhere and in embedded systems, it touches a lot of critical stuff. And the project went straight for that since the beginning.

Uh, because it's a compression library?


From the project readme: > XZ Utils provide a general-purpose data-compression library plus 21 command-line tools.

https://git.tukaani.org/?p=xz.git;a=blob;f=README;h=ac812ff1...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: