Don't shift goal posts, please. A supply chain attack and a service sending private messages to the wrong recipient are very different issues.

I don't shift goal post, I'm answering to:

> is nightmare fuel I didn't need to have in my life :(

It's a weird reaction. All software have always been like that as far as I remember.

These two things are as different as you can get in terms of software bugs.

xz: A sophisticated supply chain attack. These are known, scary, and we don't have great ways to prevent them yet.

Apparently half of all popular instant messengers at some point making the same kind of trivial but catastrophic off-by-one error: Not rocket science to prevent. I was hoping at least high-stakes apps would have better QA.

I don't shift goal post, I'm answering to:

> is nightmare fuel I didn't need to have in my life :(