
GitHub Disables The XZ Repository Following Today's Malicious Disclosure


Originally posted by StarterX4:
    It is. Time to switch to Zstd and ditch legacy libraries and standards.

According to the German Wikipedia:

"The settings are such that decompression is about 1300 percent faster than xz, while the packet size increases by about 0.8 percent.[13]"

The compression ratio is not as good as xz...

Yes, it's faster, but many times performance does not matter and compression ratio is all that matters.

Phantom circuit Sequence Reducer Dyslexia


Originally posted by qarium:
    According to the German Wikipedia:

    "The settings are such that decompression is about 1300 percent faster than xz, while the packet size increases by about 0.8 percent.[13]"

    The compression ratio is not as good as xz...

    Yes, it's faster, but many times performance does not matter and compression ratio is all that matters.

It is not possible to characterise a compressor or a decompressor with a single number for speed or compression ratio, not least because the program is often tunable, trading off speed, compression ratio, and possibly memory usage; results will also depend on the data being compressed, with some data being easier for some programs to compress than others. This means a simple statement about speed and compression ratios is likely to be wrong.

There are many online resources showing the results of testing different compression/decompression programs against test data. It is a good idea to review several such tests to give some basis for deciding whether a particular compressor/decompressor is suitable for your use-case, or not. This is not a case where there are simple answers where a single program covers all cases optimally. Life's complicated.
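As an added illustration of the point made in the post above (example code added by the editor, not written by any participant in this thread), the following script compresses two constructed inputs of identical size with several xz presets using only Python's standard-library lzma module, verifies the round trip, and reports the ratio and wall-clock time for each. The sample inputs, the preset list and the function names are the editor's own choices; the same harness can be pointed at any other codec's compress/decompress pair (for instance a zstd binding, if installed) to compare them on the same data.

```python
import lzma
import random
import time

# Constructed sample inputs (not real data): one incompressible random blob
# and one highly repetitive log-style text, both the same size.
SAMPLE_SIZE = 128 * 1024


def make_samples(size=SAMPLE_SIZE, seed=1234):
    """Return {name: bytes} with one incompressible and one very compressible input."""
    rng = random.Random(seed)
    random_bytes = bytes(rng.getrandbits(8) for _ in range(size))
    line = b"2024-03-29T12:00:00Z sshd[4242]: Accepted publickey for alice from 192.0.2.10\n"
    log_text = (line * (size // len(line) + 1))[:size]
    return {"random": random_bytes, "logtext": log_text}


def measure(data, preset):
    """Compress with one xz preset (0 = fastest, 9 = smallest), verify the
    round trip, and report ratio (input bytes per output byte) and time."""
    t0 = time.perf_counter()
    packed = lzma.compress(data, format=lzma.FORMAT_XZ, preset=preset)
    elapsed = time.perf_counter() - t0
    if lzma.decompress(packed) != data:
        raise ValueError("round trip failed")
    return {
        "preset": preset,
        "in_bytes": len(data),
        "out_bytes": len(packed),
        "ratio": len(data) / len(packed),
        "seconds": elapsed,
    }


def benchmark(samples=None, presets=(0, 3, 6)):
    """Run every preset over every sample; result[name] is a list of rows.
    Presets above 6 are omitted because their dictionaries dwarf these inputs."""
    if samples is None:
        samples = make_samples()
    return {name: [measure(data, p) for p in presets]
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, rows in benchmark().items():
        for r in rows:
            print(f"{name:8s} preset={r['preset']}  out={r['out_bytes']:7d}"
                  f"  ratio={r['ratio']:8.2f}  time={r['seconds'] * 1000:7.1f} ms")
```

Running it shows the same preset yielding a ratio near 1.0 on the random blob and a ratio in the hundreds on the repetitive text, which is exactly why a single "xz compresses N% better" figure says little without naming the data and the settings behind it.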


https://twitter.com/fr0gger_/status/...tfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1774342248437813525%7Ctwgr%5E9131e31ca9a29707f741643fba4b4d7384070ef4%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.derstandard.de%2Fstory%2F3000000213960%2Fwie-die-computerwelt-gerade-haarscharf-an-einer-sicherheitskatastrophe-vorbeigeschrammt-ist

Picture: XZ Outbreak (CVE-2024-3094)

Phantom circuit Sequence Reducer Dyslexia


Originally posted by AmericanLocomotive:
    This is why I think Linux packaging is a failure right now. The constant "Just fork it!" nature of Linux is spreading resources too thin. Too many different package managers. Too many different software repositories with overworked packagers trying to keep up with the thousands of applications a distro might have. Too many different distributions that are all largely the same except for some very superficial differences.
    So as a result, no one is actually taking the time to double check and review things. XZ is a critical core component of many distributions and software packages. If a critical component, and an otherwise stable feature-complete application, gets an update, it should be scrutinized to the fullest extent.
    Instead we have spread-thin package maintainers that just vacuum it up without a second thought.
    I get that it's difficult to understand what someone else's code is doing, but that's why the KML requires certain standards and comments that clearly explain what the code is trying to do.
    For critical components like XZ, maintainers should just flat out reject updates without clear comments that carefully explain what each new addition is doing.

"the thousands of applications a distro might have."

I see the complete opposite: in the last years distros have had fewer and fewer applications packaged.

The reason for this is they drop 32-bit i386 packages and .libs and .dlls and go with 64-bit only. Even WINE/Proton drops 32-bit userspace libs and goes with WOW64.

There are other reasons why distros have fewer and fewer packages and fewer applications in their distro repo: more and more apps are migrated to Flatpak and flathub.org.

"Too many different software repositories"

Also this is wrong too... there are only 2 with any significant market share, and they are Valve Steam for games and flathub.org.

All other software repositories have nearly zero market share.

I have Fedora 40 beta installed and use Valve Steam and flathub.org; everything else, most people don't need it.

Phantom circuit Sequence Reducer Dyslexia


All Linux distros should abandon XZ altogether in my opinion. There is no reason to use it, it is a garbage format to begin with, now with malware inside too? No way... There are many alternatives.


Originally posted by mSparks:
    Yeah, but they give us high comedy like
    "Current and former customers of the US telecoms firm are impacted by the breach, the company says."

    I still remember the height of the "nothing to hide nothing to fear" days, TBH, nothing actually changed there, they are just quieter than they used to be.
    I don't think OSS is special tbh, it's just like those countries that actually put their corrupt politicians in jail - they aren't more corrupt, it's just more visible.
    Raspberry Pis used to have default pi/pi user/pass logins, now every ssh server that goes online will log a thousand plus failed pi logins a day.

Right, OSS is not special, but still there are people who claim phoronix.com forum members are not under systematic attack.

From my own experience I can say for sure: yes, phoronix.com forum members are under attack. Systematic attack.

Phantom circuit Sequence Reducer Dyslexia


Originally posted by Old Grouch:
    It is not possible to characterise a compressor or a decompressor with a single number for speed or compression ratio, not least because the program is often tunable, trading off speed, compression ratio, and possibly memory usage; results will also depend on the data being compressed, with some data being easier for some programs to compress than others. This means a simple statement about speed and compression ratios is likely to be wrong.
    There are many online resources showing the results of testing different compression/decompression programs against test data. It is a good idea to review several such tests to give some basis for deciding whether a particular compressor/decompressor is suitable for your use-case, or not. This is not a case where there are simple answers where a single program covers all cases optimally. Life's complicated.

Right, but give me your opinion: is xz legacy and zstd the future? Do you advise abolishing xz in favor of Zstandard/Zstd?

Phantom circuit Sequence Reducer Dyslexia


Originally posted by TemplarGR:
    All Linux distros should abandon XZ altogether in my opinion. There is no reason to use it, it is a garbage format to begin with, now with malware inside too? No way... There are many alternatives.

If you use GNOME 46 and you go into the explorer/file manager, right-click on a file and click on compression, you can only choose between:

.zip
.tar.xz
.7z

Well, someone should tell these GNOME developers to add Zstandard/Zstd.

The reason is really that .zip is totally outdated and obsolete and .tar.xz is only used on Linux and Mac.

And well, for .7z you need to install 7-Zip on Windows... and no one knows why Microsoft adds this open standard to Windows...

Phantom circuit Sequence Reducer Dyslexia


Originally posted by qarium:
    If you use GNOME 46 and you go into the explorer/file manager, right-click on a file and click on compression, you can only choose between:

    .zip
    .tar.xz
    .7z

    Well, someone should tell these GNOME developers to add Zstandard/Zstd.

    The reason is really that .zip is totally outdated and obsolete and .tar.xz is only used on Linux and Mac.

    And well, for .7z you need to install 7-Zip on Windows... and no one knows why Microsoft adds this open standard to Windows...

This is not just about GNOME. Personally I want it out of the packaging systems, the kernel, etc. Anyone who is foolish enough to keep wanting to use XZ should be free to keep using it; I just don't want it shoved on my OS anymore... Reverting to a "safe" version won't cut it for me in the long run. It is clear that the maintainer of XZ doesn't care about it and doesn't guarantee its safety; therefore, there is absolutely no reason for any serious distribution to keep using it in the future. Who knows what else is there? Who knows if more issues may arise in the future? I don't care about 0.1% better compression than other formats when there is absolutely no reliability whatsoever...


Originally posted by You-:
    I saw a link to a mailing list post from 2022 where the maintainer informed people that he was suffering from mental health issues (causing updates to be slower than usual).

    The responses were most unkind: "You ignore the many patches bit rotting away on this mailing list. Right now you choke your repo."

    I think it was the new maintainer who did this.

    I wonder how much those original responses led to this incident.

    EDIT: Link to the mailing list posts: https://www.mail-archive.com/xz-deve.../msg00567.html

Perhaps he was, perhaps he wasn't "suffering", and instead some foreign agency bribed him to begin "suffering" and allow them to inject trojan horses in there and have plausible deniability... That is for law enforcement to figure out. But XZ's reliability is totally compromised at this point; I hope Arch Linux, which is my distro of choice, dumps XZ as fast as possible. It essentially has no maintainers and can't be trusted.
