> It is not yet clear if the > maintainer intentionally did this, or if the changes were introduced via > a compromise of his computer.
I think it is pretty clear by now. [1][2][3] There is a bit more to it all than just this -- the maintainer wasn't responsible (Lasse Collin), the co-maintainer -- JiaT75 (or what you might call the person) was from the looks. [1] https://boehs.org/node/everything-i-know-about-the-xz-backdoor [2] https://news.ycombinator.com/item?id=39865810 [3] https://www.youtube.com/watch?v=Kw8MCN5uJPg
