If xz would have been hosted another place, what could have been prevented?

croes · 2024-04-30T11:06:57

>The technical reason for not opting for such alternatives is that I will not be getting enough contributions there.

Yes.

Sudden interest from multiple people in certain pull request raise suspicions if you only have a contributions.

Mashimo · 2024-04-30T12:10:25

Sounds more like you get less eyes overall on your code. But the attacker will spend the same energy on it.

croes · 2024-05-01T10:14:24

But he can't hide in the masses

Mashimo · 2024-05-01T10:43:32

Yeah I don't buy it. He was more active than most even on github.

xandrius · 2024-04-30T09:26:55

That maybe fewer people would have even known about it and therefore decreased its importance as a target? /s