undefined | Better HN

0 pointsalwaysbeconsing1y ago0 comments

+1 Can see from project homepage http://web.archive.org/web/20240329165859/https://xz.tukaani... they have some release responsibility from 5.2.12.

> Versions 5.2.12, 5.4.3 and later have been signed with Jia Tan's OpenPGP key . The older releases have been signed with Lasse Collin's OpenPGP key .

It must be assume that before acquiring that privilege, they also contributed code to project. Probably most was to establish respectable record. Still could be malicious code going back someways.

0 comments

0x01y ago

Looks like the Jia Tan OpenPGP key was replaced a few months ago as well: https://github.com/tukaani-project/tukaani-project.github.io...

j / k navigate · click thread line to collapse

0 pointsalwaysbeconsing1y ago0 comments

+1 Can see from project homepage http://web.archive.org/web/20240329165859/https://xz.tukaani... they have some release responsibility from 5.2.12.

> Versions 5.2.12, 5.4.3 and later have been signed with Jia Tan's OpenPGP key . The older releases have been signed with Lasse Collin's OpenPGP key .

It must be assume that before acquiring that privilege, they also contributed code to project. Probably most was to establish respectable record. Still could be malicious code going back someways.

0 comments

0x01y ago

Looks like the Jia Tan OpenPGP key was replaced a few months ago as well: https://github.com/tukaani-project/tukaani-project.github.io...

j / k navigate · click thread line to collapse