Supposing the #xz backdoor was limited to targetting SSHd, then considering I never used my Fedora 40 "trash performance testing" machine as a SSH host (only as a SSH client), nor did it have a public-facing open port on the WAN, and as I have done "dnf distrosync" first thing in the morning, I am presuming the machine doesn't need to be nuked from orbit… but there's always this little "What if…" in the back of the mind, and it'll be hard for me not to feel like this in the coming days/weeks: