• Rustmilian@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    Knowing whether software is maintained. I’m not sure that that would have actually produced a different outcome.

    It wouldn’t have because XZ maintainership was given to the attacker. The attacker ran an entire abuse operation using puppet accounts to manipulate the already vulnerable owner. The attacker used high level social engineering tactics and ran a long con.