This is a fascinating glimpse into the beginning of the #xz exploit, i.e. the social engineering.
Some users (accomplices of the attacker?) used the dev mailing list to badger and harass the maintainer of the project who was on the verge of burnout, to pressure him to grant co-maintainer status to the attacker.
Whether this was part of the attack or not, it’s a sad glimpse into the toxic pattern often found in open-source software, where users demand maintainers’ free labor, instead of helping them strike a healthy work-life balance.
Add comment