everybackdoor·2 года назад·discussLook at the newest commits, do you see anything suspicious:https://git.alpinelinux.org/aports/log/main/gettextlibunistring could also be affected as that has also been pushed there
everybackdoor·2 года назад·discussJiaT75 was also a prolific contributor to xz over the past few years, so your assumptions are generally invalid at this point.
everybackdoor·2 года назад·discussFunny you should say that, given they definitely have exploit code in `vcpkg`
everybackdoor·2 года назад·discussThey may be right: https://git.alpinelinux.org/aports/log/main/gettextTimeline matches and there is a sudden switch of maintainer. And they add dependency to xz!
https://git.alpinelinux.org/aports/log/main/gettext
libunistring could also be affected as that has also been pushed there