Post B2fx5vGF4BczTvKb7h by mvgorcum@chaos.social
 (DIR) More posts by mvgorcum@chaos.social
 (DIR) Post #B2fx5tqgJjaV6MMfdw by mjg59@nondeterministic.computer
       2026-01-26T11:16:58Z
       
       0 likes, 0 repeats
       
       Just to check on something: whomst amongst you would genuinely say you would have spotted the libxz backdoor by examination rather than by beaviour
       
 (DIR) Post #B2fx5vGF4BczTvKb7h by mvgorcum@chaos.social
       2026-01-26T11:23:47Z
       
       0 likes, 0 repeats
       
       @mjg59 wasnt the libxz backdoor only put in the released binaries, not in the source?Not that I would have found the backdoor either way, I wouldn't have found it by behaviour either.
       
 (DIR) Post #B2fx5wFZOAgUY81ZiK by mjg59@nondeterministic.computer
       2026-01-26T11:29:42Z
       
       0 likes, 0 repeats
       
       @mvgorcum It was in the packaged source, but not in git
       
 (DIR) Post #B2fx5x3uN0wz4FZmAy by ignaloidas@not.acu.lt
       2026-01-26T11:42:24.691Z
       
       0 likes, 0 repeats
       
       @mjg59@nondeterministic.computer @mvgorcum@chaos.social wasn't part of it in git? (not that the binary in the test files was really viable to notice since it was well obfuscated)
       
 (DIR) Post #B2fxrIb27kNBSueAmu by mjg59@nondeterministic.computer
       2026-01-26T11:48:40Z
       
       1 likes, 0 repeats
       
       @ignaloidas @mvgorcum The binary test data that contained the binary was, the configure file that turned that into code wasn't