Lots of analysis of the xz/liblzma vulnerability. Most skip over the first step of the attack:
0. The original maintainer burns out, and only the attacker offers to help (so the attacker inherits the trust of the project built by the maintainer).
Read their words👇🏻 1/
@firegiantco CEO & Co-Founder | Benevolent Dictator of @wixtoolset | RobMensching.com for more information

@robmen
