The repository of the open-source compression utility xz Utils, in which a backdoor was found prior to the Easter weekend, has now been restored to GitHub.
The account of the original maintainer, Lasse Collin, has also been restored according to a post on Reddit.
The presence of the backdoor was caught by Microsoft software engineer Andres Freund, a PostGreSQL developer, who noticed that logins with SSH were taking up a lot of CPU cycle and also generating valgrind errors.
That Freund noticed it before the long Easter weekend was lucky.
{loadposition sam08}Collin has said he would be writing an account of the incident sometime in the future.
The malicious code was introduced in versions 5.6.0 and 5.6.1. The suspicion that it may be a state-sponsored act arose because the code had been spirited in over a long period.
The person who held the account that was responsible for the malicious code, under the name Jia Tan, appears to have now disappeared.