Hacker News new | past | comments | ask | show | jobs | submit login

What exactly is a CLA going to do to a CCP operative (as appears to be the case with xz)? Do you think the party is going to extradite one of their state sponsored hacking groups because they got caught trying to implement a backdoor?

Or do you think they don’t have the resources to fake an identity?




The whole Chinese name and UTC+8 were a cover, as the person apparently was from EET


While it ultimately doesn’t matter if it was Russia or China beyond potential political fallout. Do you have a link to the proof pointing towards EET?


There was a link in this thread pointing to commit times analysis and it kinda checks out. Adding some cultural and outside world context, I can guess which alphabet this three-four-six-letter agency uses to spell it's name at least.


case closed. you are right... could of course make the things a bit more difficult for someone not backed by a state sponsor. but if that's the case, you are right.


Sadly the only way to even have a chance of fighting this is to insist on new contributors being vetted in person, and even that won’t be fool-proof.

It’s also not scalable and likely won’t ever happen, but it’s the only solution I can come up with.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: