From 6ddeda44f82e3e75390db8dbd3bc4ffe47fe0d51 Mon Sep 17 00:00:00 2001 From: himazawa <73994521+himazawa@users.noreply.github.com> Date: Sun, 31 Mar 2024 23:16:02 +0200 Subject: [PATCH] post(xz): added conclusion --- content/posts/xz-backdoor/index.en.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/posts/xz-backdoor/index.en.md b/content/posts/xz-backdoor/index.en.md index 30ab702..1c8b27f 100644 --- a/content/posts/xz-backdoor/index.en.md +++ b/content/posts/xz-backdoor/index.en.md @@ -157,6 +157,14 @@ This is a controversial topic because there are projects that are maintained by ### Recursive controls The project you are including will probably also have dependencies, make sure the same scrutiny is applied by the project maintainers on their supply chain to avoid indirect compromission. +## Conclusion +The `xz` backdoor is yet another case of supply chain hijacking, but this time with way more complexity and effort behind it. + +We shound't blame the current maintainer or the Open Source software: issues like that (intentional or not) are mostly unpatchable because they leverage the human factor that is inreplaceable. + +On the other hand we can follow some best practices in picking software to integrate inside our repositories to reduce the chance of this from happening. + + ## Resources - OSS-Security List: https://www.openwall.com/lists/oss-security/2024/03/29/4
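Review bot: the new `## Conclusion` hunk introduces two spelling errors that will ship to readers: `We shound't blame` should read `We shouldn't blame`, and `the human factor that is inreplaceable` should read `the human factor that is irreplaceable`; `issues like that (intentional or not)` reads more naturally as `issues like this (intentional or not)`. The claim that such issues are "mostly unpatchable" is stronger than the post's own recommendations support, since the next paragraph says best practices in picking software reduce the chance of this happening; consider softening to "hard to prevent with technical controls alone" or similar so the two paragraphs do not contradict each other. The last two added lines are both blank, leaving a double blank line before `## Resources`; one is enough. Minor: `Open Source software` is capitalized inconsistently with the rest of the post's prose, and the unchanged context line above the hunk uses `compromission` where `compromise` is the English term, which could be fixed in the same commit since this PR already touches the surrounding section.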