Jeremy List

(replying to Saagar Jha)

@saagar I'd also heard the trojan wasn't actually in the git repo but was in a separate patch that was being applied between the "git pull" and "tar" steps of the release process (specifically after running autoconf) - if true, the repo they took down would have been clean anyway.

Saagar Jha

(replying to Jeremy List)

@jeremy_list The backdoor was definitely in the upstream git repo, but it profiled the system when configuring itself to decide whether to build the malicious code in or not.