An interesting thing about the XZ sabotage is that, while it was very cleverly obfuscated (congratulations to Andres Freund for finding it!), once found, it is very clear that it's a deliberate backdoor. It can't be explained away as an ordinary bug that introduced a vulnerability.
Says something about the tradeoff space the attacker was working in.
@mattblaze You're one of the first I've seen to analyze this in terms of the adversary's constraints. I am not a computer scientist, but in terms of constraints, resources, and targeting, this doesn't "feel" like a state actor.
So, this is highly targeted, and the social engineering tactics seemed personal. You're not getting that from a committee. And it was a long game, which would have meant supervisors coming and going, changes in priority, etc in government.
@UncivilServant is disagree that that’s inconsistent with a state actor. Personalized, long game infiltration is how spies and HUMINT has always worked.
@mattblaze Ah, is that part of why intelligence types complain that the rest of the government keeps giving them side-eye?
Because yeah, that sort of unprofessional obsession...huh, Le Carré really wasn't exaggerating if that's how they act.
@UncivilServant @mattblaze Your assumptions reflect a politician. Intelligence agencies are very insulated/deliberate and so a state-sponsored spy is a very different animal.