That would be a bit premature.  At this point it looks like one bad actor, and the other maintainer probably wasn't even aware.  We should wait and see how this plays out.

On Fri, Mar 29, 2024 at 1:01 PM Kevin Kofler via devel <devel@lists.fedoraproject.org> wrote:
Hi,

wow: https://www.openwall.com/lists/oss-security/2024/

I think at this point we clearly cannot trust xz upstream anymore and should
probably fork the project.

        Kevin Kofler
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue


--
Jonathan Wright
AlmaLinux Foundation
Mattermost: chat