As far as we know, yes. The initially detected backdoor injected itself only to RPM and DEB build artifacts.
That said, the threat actor was working on it for 2 years so there’s a chance there are other backdoors. People are still reviewing everything they did over that time.
Arch linux wasn’t affected as far as I know?
As far as we know, yes. The initially detected backdoor injected itself only to RPM and DEB build artifacts.
That said, the threat actor was working on it for 2 years so there’s a chance there are other backdoors. People are still reviewing everything they did over that time.