A trusted maintainer planted a backdoor in xz — a supply-chain attack. One engineer's 'this feels slow' caught it just before stable. Code wasn't the target — people and trust were. Minimize dependencies, pin versions, build reproducibly, chase anomalies, and support maintainers.