@jwildeboer As far as xz is concerned, there was indeed vigilance and proactivity. Less so in the case of libarchive, though, where the backdoor remained unnoticed from 2021 until now.

(not pointing fingers though, as it's not the first case of a vulnerability remaining present for years, and also as I do not have the street cred to do finger pointing as far as security goes)