@isaac The xz/lzma thing with the maintainer working for a state-level attacker and putting backdoors in it. Stupid they took down the repo; it was an important source of information for research into the accomplices etc.
@lanodan @isaac Yep. Of course plenty of ppl have the repo archived. But do they have release tarballs archived to compare? Maybe. The issues, PRs, comments? Nope. 🤦
@dalias @isaac Yeah, that sucks as well, especially as I'd only expect maintainers (so Lasse Collin here) to potentially have an archive of them if they have notifications via email.
@dalias @lanodan @isaac It's still malware after all, and it's understandable that GitHub doesn't want to host malware.
That being said, it would of course be nice if they offered something like "nsfwgithub.com" where you can access such malicious repos in a way that prevents abusing the site for malware hosting (for example, only for users that are logged in and have enabled the "I want to be able to download known malware" flag on their account).