Taking a stroll through the comments,

So, it turns out that someone who gained great amounts of trust has put malicious code into a widespread package. Sucks hard. It’s understandable to also look at those who worked with them on the same things…

He seems to be participating to Loongsong Chinese architecture

Oh no. Oh no no no, the is here too! Quickly, be weird about people from China!

Wow it’s crazy how many different core areas of Linux code is beeing changed to cope with Loongsong LoongArch.

“cope” lmao, also wow adding a completely new architecture requires a lot of work in a lot of areas, how crazy!

Later they were explained that their concern isn’t justified (the people mentioned have turned out to be real and working on the arch support without NDAs or stuff), including people from China taking note of this tendency:

Yeah, China! China! When something involves a random Chinese, it always unfolds with accusation out of thin air.

The developers for LoongArch are dope as hell and it’s sad to see these accusations be leveled at them entirely because they’re Chinese.

Damn, that’s a slick bit of work.

If you’re not on a Debian or Red Hat based distribution, you’re most likely fine because of some precondition checks in the malicious build script:

if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64"; then

I’d still recommend you update either way, Arch Linux and Gentoo patched/masked their packages as well even though they were essentially unaffected for various reasons. The original maintainer also made an acknowledgement on the project’s official website with some additional information as well.

deleted by creator