The only difference between open-source and closed source is the fact that you KNOW about such things, mostly even before they happen, as they’re fixed right away… with closed source you’re reading silent articles like “oh yeah, btw there was an NSA backdoor in M$ Windows for 20 years, now it’s fixed!”
Here’s my take, coming from the latter end of the age scale. You’ll mellow. You’ll realise that the universe is utterly indifferent to your existence, that life, in all its shapes and forms, will go on with or without you. You make the best of what you have and make as many good changes as you can for your own little space on this planet.
I want you to stick your hand out in front of you and imagine you’re holding a needle.
There are about fifteen and a half thousand galaxies in this image, a piece of the sky the size of the point of a needle held at arm’s length. That’s roughly, if we average it out, two and a half quadrillion planets. Worlds, civilisations, empires risen and fallen, history passed, that we’ll never get to see… but they’re up there… out there, and while I will never quite comprehend the scale of it all… it’s still beautiful to observe… Worry about the things you can actively have an impact on; the rest will continue onwards, regardless of anything we say, do, or feel.
Despite the fact that the engineer that discovered the vulnerability is employed by M$, it is highly unlikely (I would say almost no chance) that he planned, or was in on some sort of conspiracy, to produce good PR for M$ by reporting the vulnerability. (As far as repairing M$'s reputation is concerned, this would barely register as a drop in the bucket.) In that situation, wouldn’t he tell M$ about it first for an official press release instead?
Isn’t it more plausible that maybe he thought this would look really good on his own résumé/CV?
Agreed on all points here. The Drake Equation immediately comes to mind. We all have a purpose on this world, and in this life; nothing good comes out of the nihilism that ruminates in one’s perceived insignificance within the incomprehensible vastness of the universe (for we are not gods or supernatural beings).
Hard question to answer definitively.
It’s fixed in cargo; who knows when it will be fixed downstream in distros for all packages and dependencies that have used it. Perhaps rebuilds of all Rust packages would be necessary to be on the safe side…
And also Rust devs who do this locally are on their own… also AUR…
So yeah, it’s a mess.
P.S. Also, just logically, if it ended up in cargo, I’m sure there’s a good chance it will also be in PyPI and npm as well… because all those language-centric package systems are vulnerable to all kinds of crap.
The world should have listened to disgraced creator Lasse in his blog of 3-29, where he basically considered that whole libizXXX library compromised. Your article was from 4-12.
Wonder why they (the Linux world) waited on this so long?