I glossed over one point: If the good version can be uploaded to Debian, why not directly upload the bad version instead? No need to exploit obnam for that.
I can think of several reasons:

* To have plausible deniability when the exploit is found.
* An evil upstream, who does not want to need to sneak a backdoor past whatever review is done before their binary reaches Debian. (The binary need not be an executable, e.g. it could be a png file whose bad version exploits a bug in the code.)
* To be able to target specific machines by pre-seeding them with the bad version, and avoid affecting any untargeted machines.

-- see shy jo