28
Thoughts on the xz backdoor: an lzma-rs perspective | Blog
(gendignoux.com)
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Credits
I have to disagree here. Maybe they would have found another way, but it would have been a more obvious way, which is a very good thing.
Yes it would have still been compromised but it may have been detected earlier. So it's still pretty bad to have these incomprehensible build scripts.
I'm not saying incomprehensible build scripts are good here, my mistake for making it seem that way. I'm not confident that hiding it elsewhere would have been strictly more obvious but it absolutely could have been.
I've done some pretty complex C projects and haven't had build scripts nearly that large. This one seems particularly unwieldy and certainly helped the attacker.