On Mar 29, 2024, at 20:10, Ryan Schmidt wrote:
>
> it's not yet clear if or when or how [the developers] will respond to this.
The official response page from the original developer is now up and will be
updated with more information soon:
https://tukaani.org/xz-backdoor/
Today a security issue was disclosed [1] in the xz package, which contains the
xz program (used for example by MacPorts to decompress xz-compressed source
code archives) and the liblzma library (used by many other programs). Versions
5.6.0 and 5.6.1 (to which the MacPorts port was updated a coup
