In case you thought I am only a cranky old-fashioned engineer when again ranting on software bloat and its related dangers, maybe think again.
Ars Technica: What we know about the xz Utils backdoor that almost infected the world.
A backdoor to log in to all major Linux installations with root privileges? Nice. No hacking needed, no exploitation of obscure defects. Just an access key added during the installation of a ubiquitous utility library on-one even gives a second thought when including it.
Thomas Depierre in 2022: I am not a supplier.
As so often, xkcd gets it right:1
