Having your code reverted only decreases your contribution metric in the sense that the denominator grows but it's someone else's (the reverter's) numerator: it's based on commits, not git blame.
The actual maintainers of the repo seem to take the position that all "Jia Tan" commits are backdoor-free unless proven otherwise, so most of his commits still stay (as they* did a LOT of actual, real work on the repo).
I am curious what people think about that. It's still around 30k lines of code made by a known malicious entity, looking at git blame. However it seems mostly fine?
I'm surprised that this implementation of xz written by... well... random people has been adopted so widely. I would've expected a more 'industrial' implementation managed by Google or Meta or something, but there isn't one.
I'm still baffled xz took off so massively in the first place. The USP seems to be existing LZMA compression but made significantly more fragile and prone to never decompressing again.
Wanting to do something right is permission to do so in a world of standards but not in a world of free reference implementation in lieu of a standard.
17 comments
[ 3.4 ms ] story [ 56.8 ms ] threadAre you trying to be sarcastic?
Intriguing that Microsoft didn't disclose the IPs, intriguing that the actors use mostly American services, some obscure American VPN as well, etc.
I am curious what people think about that. It's still around 30k lines of code made by a known malicious entity, looking at git blame. However it seems mostly fine?
* plural "they" ;)
The math and algorithms behind it are fun to learn but hard. And then you need to implement it both performant and correct.
Only a few people build up the algorithmic background to do this. And the gains once an implementation is there are marginal (optimizations).
The only larger one seems to be zstd, and I haven't wrapped my head around ANS/tANS...
If someone wants something done right, FSVO right, they can do it themselves.