Detecting XZ in Debian with Otto Kekäläinen

In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects. They discuss Otto's blog post about the XZ backdoor and how it's a nearly impossible attack to detect. Otto does a great job breaking down an incredibly complex problem into understandable pieces.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-11-xz-debian-otto/