Let’s keep in mind that if this is a state actor or some sort of global organized crime, then they don’t put all their eggs into one basket. If that’s the case, they’re going to have a bunch of other plans and backdoor attempts ongoing. This isn’t the end and we can assume there’s something else somewhere that went unnoticed.
Security is a constantly changing war of attrition, not a goal/product/configuration.
What a dick. I couldn’t imagine spending that much time contributing to a project so I could introduce security vulnerabilities.
If this is one individual, and not a nation state, somebody needs to make some friends and pick up some hobbies.
I think it’s more likely someone spent this time contributing to the project specifically to exploit it.
Yeah, I got that. I’m saying they need to make some friends and get some hobbies if they aren’t being funded by a state.
Wish I could be a fly on the wall when the bad actor realized years of work had just gone down the drain.
Probably fear, then subsequently followed by their brains next to you on said wall. Whichever government paid for a multi-year campaign to backdoor enterprise Linux distributions is not going to be happy about this failure.