Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently targeting the Linux xz data compression library, XZ Utils [linuxsecurity.com].
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently targeting the Linux xz data compression library, XZ Utils [linuxsecurity.com].
I have read this. There are no details about attacked projects, mail texts, addresses and github logins, nothing. It’s even impossible to ensure that attack attempts really took place. One may guess they occured before the xz attack disclosure and were performed by different actors because thay seem much more dumb.