>>>>> On Wed, 29 May 2024, Sam James wrote:

> # Sam James <sam@gentoo.org> (2024-05-29)
> # OpenPGP key of malicious xz co-maintainer. This key is no longer used
> # by any ebuilds in tree. Removal on 2024-06-29.
> # Bug #928134.
> sec-keys/openpgp-keys-jiatan

Just out of interest, by what chain of trust was this key added, in the
first place?

Ulrich