Flagged: How is this "via a project dev"? Which project? The guy doesn't seem to have anything to do with the discovery of this backdoor, and he just summarizes Andres Freund's announcement.
The author of this is a gentoo maintainer who focuses on security work. Most distros have a couple of point people handling this issue for them at this point, and they are all likely pretty well informed.
If you want clarification on something, you can just ask instead of announcing that you've flagged it.
Its from the Gentoo maintainer of the package and libarchive project dev that submits changes, patches, is involved in the mail list and has ops on the groups IRC chan.
It's included in Lasse Collin's FAQ now that he has been found, but in his absence, Sam was speaking for the project on IRC chan and filed the gentoo bug also linked at the bottom of in Collin's FAQ:
