tl;dr:
There is a Debian git transition plan. It’s going OK so far but we need help, especially with outreach and updating Debian’s documentation.
tl;dr:
There is a Debian git transition plan. It’s going OK so far but we need help, especially with outreach and updating Debian’s documentation.
Not really. If xz were the issue, Debian would have just switched to a different tarball format like lz4.
This is more about Debian packaging conventions being very archaic and requiring a lot of futzing with upstream tarballs and patches.
The backdoor of the xz utils program(s) was in the tarball release, but not the main source code:
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
If debian had dodged the upstream tarball, then they wouldn’t have been affected by this.