@skye@Natanox@nathell@cjwatson@gabek removing the repository is needed to prevent all packages that have a dependency on xz to automatically download the compromised tarballs the next time their compile script tries to pull from it.
@jerome@skye@Natanox@nathell@cjwatson@gabek Not really. Pulling from git was safe, pulling from the release tarballs was not. Also, destroying the repo is also destroying the evidence trail.
