@jeremy_list The backdoor was definitely in the upstream git repo, but it profiled the system when configuring itself to decide whether to build the malicious code in or not