the lesson *I'm* choosing to take from xz, as an oss maintainer, is that anyone trying to pressure or guilt me into doing something should immediately be told no, for security reasons
Or they are Chinese, and pick non-authentic Chinese names so people wouldn’t suspect them? I don’t think looking at the name can be a great way to identify the source.
This attack is clearly sophisticate: the attacker(s) are probably well-trained in obscuring their identity to not reveal much info from their name picks. Say, just use a random name generator.
Or they are Chinese, and pick non-authentic Chinese names so people wouldn’t suspect them? I don’t think looking at the name can be a great way to identify the source.
This attack is clearly sophisticate: the attacker(s) are probably well-trained in obscuring their identity to not reveal much info from their name picks. Say, just use a random name generator.