[Top HN comment](https://news.ycombinator.com/item?id=43448745):

> Note that NixOS and reproducible builds _did not_ detect the xz backdoor, and in fact NixOS shipped the malicious builds of xz (though they didn't do anything because the malware didn't target NixOS):
>
>> I am a NixOS developer and I was surprised when the backdoor was revealed to see that the malicious version of xz had ended up being distributed to our users.
>
> As always theory and reality are different, and the thing that made xz possible was never a technical vulnerability with a technical solution—xz was possible because of a _meatspace_ exploit. We as a community are very very bad at recognizing that you can't always just patch meatspace with better software.

_Maybe @hn should include the top comment 🤔_

tech

This link was posted by [birdculture](https://news.ycombinator.com/user?id=birdculture) 5 hours ago on [HN](https://news.ycombinator.com/item?id=43448075). It received 126 points and 48 comments.