Attention about the Fedora Magazine article that elaborates this case: The article contained misleading information and still indicates misleading points after its update: If you have any F40 - including Beta - your “testing” branches are enabled by default: this means, any F40 has to be assumed to be affected and thus needs to follow the advice for mitigation below (please read the update 3 below). Communications between development and the magazine unfortunately is broken at the moment. The x...
Heavily, aggressively involved in cyber activities. Previous Chinese attempts were unveiled by similar small gotchas.
Arguably that’s hard to prove, and it could be NK, India, the NSA, etc., but it’s not hard to believe this was part of another stream of attempts. Low ball, give it to the new guy, sorts of stuff.
US fed gov loves redhat for example, and getting into Fedora is how you get into RHEL
Based on this analysis, they may have been based in a European timezone and just changed their timezone to UTC+8 before committing to Git to make it look like they were in China: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and. Their commits were usually between 9 am and 6 pm Eastern European Time, and there are a few commits where the timezone was set to UTC+2 instead of UTC+8.
Except China is one of the countries involved in cyber warfare
Pretty much every country is engaged in cyber warfare to some degree
Heavily, aggressively involved in cyber activities. Previous Chinese attempts were unveiled by similar small gotchas.
Arguably that’s hard to prove, and it could be NK, India, the NSA, etc., but it’s not hard to believe this was part of another stream of attempts. Low ball, give it to the new guy, sorts of stuff.
US fed gov loves redhat for example, and getting into Fedora is how you get into RHEL
Based on this analysis, they may have been based in a European timezone and just changed their timezone to UTC+8 before committing to Git to make it look like they were in China: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and. Their commits were usually between 9 am and 6 pm Eastern European Time, and there are a few commits where the timezone was set to UTC+2 instead of UTC+8.