What I've read about this backdoor issue so far I find puzzling, as well as a little frightening. Seems with enough resources any big actor, state or otherwise, is and will be able to get around open-source security, eventually.
Technologist vs spy: the xz backdoor debate
Well — we just witnessed one of the most daring infosec capers of my career. Here’s what we know so far: some time ago, an unknown party evidently noticed that liblzma (aka xz) — a relatively obscure open-source compression library — was a dependency of