You're correct, and I was overly vague. The key observation is "Kevin Beaumont speculates that knowing this was on the way may have accelerated the attacker’s schedule" Here's the exact wording, from Russ Cox:
2024-02-29: On GitHub, @teknoraver sends pull request to stop linking liblzma into libsystemd. It appears that this would have defeated the attack. Kevin Beaumont speculates that knowing this was on the way may have accelerated the attacker’s schedule. @teknoraver commented on HN that the liblzma PR was one in a series of dependency slimming changes for libsystemd; there were two mentions of it in late January. https://research.swtch.com/xz-timeline
2024-02-29: On GitHub, @teknoraver sends pull request to stop linking liblzma into libsystemd. It appears that this would have defeated the attack. Kevin Beaumont speculates that knowing this was on the way may have accelerated the attacker’s schedule. @teknoraver commented on HN that the liblzma PR was one in a series of dependency slimming changes for libsystemd; there were two mentions of it in late January. https://research.swtch.com/xz-timeline
See also previously on HN: https://news.ycombinator.com/item?id=39916125