GitHub Disables The XZ Repository Following Today's Malicious Disclosure

  • Originally posted by TemplarGR
    This is not just about GNOME. Personally I want it out of the packaging systems, the kernel, etc. Anyone who is foolish enough to keep wanting to use XZ should be free to keep using it; I just don't want it shoved on my OS no more... Reverting to a "safe" version won't cut it for me in the long run; it is clear that the maintainer of XZ doesn't care about it and doesn't guarantee its safety, therefore there is absolutely no reason for any serious distribution to keep using it in the future. Who knows what else is there? Who knows if more issues may arise in the future? I don't care about 0.1% better compression than other formats when there is absolutely no reliability whatsoever...
    To be honest, this all looks like a sting operation of the secret intelligence agencies.
    It looks like their activity was closely monitored and studied, and of course the relevant persons were informed not to install the bad versions into stable or release versions of their distros.

    "I don't care about 0.1% better compression than other formats when there is absolutely no reliability whatsoever."

    Well, what you say sounds sane and just to me, but then tell me why all the desktops like GNOME don't add Zstandard/zstd to their GUIs?
    But this is not only a Linux problem; on Windows, Microsoft also only adds .zip support. Why are all OSes so crap in this respect?
    I mean, .zip is completely outdated and wastes a lot of space.

    "I just don't want it shoved on my OS no more... Reverting to a "safe" version won't cut it for me in the long run"

    I don't think a "safe" version would hurt you... but again, before you lobby to remove xz, shouldn't you first lobby to add zstd to the GNOME GUI and other desktops? I mean even Windows and macOS and Android...
    Phantom circuit Sequence Reducer Dyslexia



    • Originally posted by TemplarGR
      Perhaps he was, perhaps he wasn't "suffering", and instead some foreign agency bribed him to begin "suffering" and allow them to inject trojan horses in there and have plausible deniability... That is for law enforcement to figure out. But XZ's reliability is totally compromised at this point; I hope Archlinux, which is my distro of choice, dumps XZ as fast as possible. It essentially has no maintainers and can't be trusted.
      My educated guess is that he was not bribed to "suffer" and step away; instead, most of the time they are blackmailed and do whatever these evil people want them to do because of the blackmail. They already say that he was pressured by multiple people; I am pretty sure that they did more than pressure him, meaning they actively blackmailed him.

      "But XZ's reliability is totally compromised at this point"

      To me it looks like the original maintainer of the git tree is innocent...

      Well, you are an Archlinux user, and it's a rolling distro, which means you were more or less the only people hit by this. For all non-rolling distros like Fedora or Debian or Ubuntu or whatever, it never landed in any stable release...

      You hate xz now, I understand, but you need to understand that you and rolling releases like Archlinux are part of the problem too.

      If you want security against supply chain attacks, you should not use a rolling distro like Arch Linux.
      Phantom circuit Sequence Reducer Dyslexia



      • Originally posted by qarium

        My educated guess is that he was not bribed to "suffer" and step away; instead, most of the time they are blackmailed and do whatever these evil people want them to do because of the blackmail. They already say that he was pressured by multiple people; I am pretty sure that they did more than pressure him, meaning they actively blackmailed him.

        "But XZ's reliability is totally compromised at this point"

        To me it looks like the original maintainer of the git tree is innocent...

        Well, you are an Archlinux user, and it's a rolling distro, which means you were more or less the only people hit by this. For all non-rolling distros like Fedora or Debian or Ubuntu or whatever, it never landed in any stable release...

        You hate xz now, I understand, but you need to understand that you and rolling releases like Archlinux are part of the problem too.

        If you want security against supply chain attacks, you should not use a rolling distro like Arch Linux.
        Actually, Archlinux wasn't affected by this particular exploit, even though it used the latest version. The exploit triggers on Debian and Red Hat based systems. There goes your theory.... Also, Debian was the cause of a much worse security hole years ago: it essentially disabled the random number generator for its encryption, making all the keys it produced deterministic, and that hole remained for 2 whole years and affected pretty much all Debian-based systems including Ubuntu until it was discovered.... And that's just one example...

        So this anti-rolling release rhetoric is total BS. There is nothing wrong with rolling release and/or bleeding edge. It is not Arch's fault that an upstream developer was a malware distributor. If no one ever used the bleeding edge, guess what, the beta testers affected by such malware would be the end users of Ubuntu and other "safe" distributions....



        • Originally posted by You-
          I saw a link to a mailing list post from 2022 where the maintainer informed people that he was suffering from mental health issues (causing updates to be slower than usual).

          The responses were most unkind: "You ignore the many patches bit rotting away on this mailing list. Right now you choke your repo."

          I think it was the new maintainer who did this.

          I wonder how much those original responses lead to this incident.

          EDIT: Link to the mailing list posts: https://www.mail-archive.com/xz-deve.../msg00567.html
          And now the person doing that pressure is strongly suspected to be an accomplice (or an alt) of "Jia Tan".

          Knowing that the maintainer is having some mental health problems, this "Jigar Kumar" put on the pressure to make "Jia Tan" a maintainer.

          The fact that this "Jigar Kumar" person disappeared completely after "Jia Tan" was made maintainer is highly suspect.

          Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries



          • Originally posted by qarium

            Right, OSS is not special, but still there are people who claim phoronix.com forum members are not under systematic attack.
            This probably shouldn't be surprising.

            More attackers = more people proclaiming there are no attacks.

            Like, it's pretty obvious those recommending that people use winblows in these circumstances are probably pwning winblows machines in their spare time.

            Just like it's obvious those mad that they thought GitHub removed their access to Linux malware probably aren't interested in finding Linux malware in order to protect against such things in the future.
            Last edited by mSparks; 01 April 2024, 06:37 AM.



            • Originally posted by TemplarGR
              Actually, Archlinux wasn't affected by this particular exploit, even though it used the latest version. The exploit triggers on Debian and Red Hat based systems. There goes your theory.... Also, Debian was the cause of a much worse security hole years ago: it essentially disabled the random number generator for its encryption, making all the keys it produced deterministic, and that hole remained for 2 whole years and affected pretty much all Debian-based systems including Ubuntu until it was discovered.... And that's just one example...
              So this anti-rolling release rhetoric is total BS. There is nothing wrong with rolling release and/or bleeding edge. It is not Arch's fault that an upstream developer was a malware distributor. If no one ever used the bleeding edge, guess what, the beta testers affected by such malware would be the end users of Ubuntu and other "safe" distributions....
              If you think rolling is right for you, so be it. This was not anti-rolling release rhetoric that "is total BS"....

              But I, for myself, think this xz case, even if it is true that Arch was not affected, shows that rolling is a dangerous thing, because any such supply chain attacks will hit rolling distros first.
              Phantom circuit Sequence Reducer Dyslexia



              • Originally posted by mSparks
                This probably shouldn't be surprising.
                More attackers = more people proclaiming there are no attacks.
                Like, it's pretty obvious those recommending that people use winblows in these circumstances are probably pwning winblows machines in their spare time.
                Just like it's obvious those mad that they thought GitHub removed their access to Linux malware probably aren't interested in finding Linux malware in order to protect against such things in the future.
                This, my friend, is very funny... "More attackers = more people proclaiming there are no attacks."
                Yes, of course every attacker will proclaim there are no attacks... the more attackers, the more people proclaim there are no attacks.

                Sadly, the phoronix.com forum is flooded by fools like this.

                "pwning winblows"

                I just need to read my CompTIA PenTest+ or CEH v12 Certified Ethical Hacker Study Guide book; most education about hacking and pentesting is about Windows.
                From this standpoint, the knowledge of pwning Windows is widely taught by CompTIA and eccouncil.org.

                The knowledge of hacking Linux is not taught like this. This means you are absolutely right, they are "pwning winblows machines in their spare time."

                "aren't interested in finding Linux malware"

                I think you are right about this too; many people are more interested in stealing the knowledge of how to build such Linux malware, because it's valuable knowledge for these 1-day black hats...
                Phantom circuit Sequence Reducer Dyslexia



                • Originally posted by qarium

                  Sadly, the phoronix.com forum is flooded by fools like this.
                  20+ years ago, in the run-up to the Patriot Act and all the propaganda that surrounded it, when I had no idea what was going on, I got really quite frustrated.

                  Now, technically, even the US actually has laws against it.

                  But the best medicine for it is really to just call them out, and I actually enjoy making them squirm.

                  If you or anyone hasn't already, see also
                  https://cryptome.org/2012/07/gent-forum-spies.htm


                  • Originally posted by mSparks
                    20+ years ago, in the run-up to the Patriot Act and all the propaganda that surrounded it, when I had no idea what was going on, I got really quite frustrated.
                    Now, technically, even the US actually has laws against it.

                    But the best medicine for it is really to just call them out, and I actually enjoy making them squirm.
                    If you or anyone hasn't already, see also
                    https://cryptome.org/2012/07/gent-forum-spies.htm
                    Hell yes, this is helpful information, thank you...

                    I really think these 2 users, Avis/Birdie and sophisticles, are really some kind of psychological operation to perform online deception/disruption/sabotage of organizations...

                    It's 100% sure for me. The question is really why [email protected] lets these people operate in this forum.
                    Phantom circuit Sequence Reducer Dyslexia



                    • Originally posted by qarium
                      The question is really why [email protected] lets these people operate in this forum.
                      Maybe he is involved in this operation. Sorry, but I couldn't resist.
