On Mon, Apr 01, 2024 at 09:46:12PM +0200, Reza Housseini wrote:
> Just stumbled upon this recently discovered supply chain attack on xz,
> inserting a backdoor via test files [1, 2]. And it made me wondering, what
> would have been the effects on guix and how can we potentially avoid it?

There's actually suspicious code by the xz attacker in one of our
packages right now:

https://issues.guix.gnu.org/issue/70113

Please help review that patch!