A good story from the leader of #Fdroid: “Three years ago, F-Droid had a similar kind of attempt as the Xz backdoor,” he posted on Mastodon. “A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn’t found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a SQL injection vulnerability. In this case, we managed to catch it before it was merged.”
https://www.404media.co/xz-backdoor-bullying-in-open-source-software-is-a-massive-security-vulnerability/