XZ backdoor: "It's RCE, not auth bypass, and gated/unreplayable."

[fuzunoglu]

What is the possibility of identity theft that is commenced on state-level? There are reports that the time the backdoor was pushed do not match the usual timing of changes committed by the author.

It also seems like a convenient ground for a false flag operation: hijacking an account that belong to a trustworthy developer from another country.

[Aloisius]

And risk discovery by the trustworthy developer? Unlikely.

[fuzunoglu]

What if the developer passed away? It is also easy to blame the developer with mental issues otherwise.