Have not read through the whole thing but this seems relevant … Backdoor in upstream xz/liblzma leading to SSH server compromise | Hacker News
Note the comment about:
Unfortunately, this is how *good* bad actors work:
with a very long-term point of view.
Also note the comment:
clickhouse has pretty good github_events dataset on playground that folks can use to do some research - some info on the dataset https://ghe.clickhouse.tech/
Example of what this user JiaT75 did so far:
https://play.clickhouse.com/play?user=play#U0VMRUNUICogRlJPT...
Sifting through the clickhouse thingy, a few occurrences (4) of llvm/ show up. It only looks like comments.