Resolves to YES if one or more perpetrators are charged with a crime and found guilty in court of law.
If someone is meaningfully personally identified, but charges are not pressed for whatever reason, it would also resolve YES at my discretion. For this to happen, there would need to be strong evidence tying the backdoor to an IRL identity ("Jia Tan" is a completely fabricated identity for all we know).
If Jia Tan is a real person but their account was merely hijacked (or they were being blackmailed etc.), it resolves to NO unless we find out who the real perpetrators are.
If the attack is generically attributed to a nation-state or APT group, it resolves to NO.
The close date may be extended at my discretion if it looks like progress is still being made on the case.
Some relevant links:
Initial public disclosure: https://www.openwall.com/lists/oss-security/2024/03/29/4
FAQ gist: https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
"Everything I Know About the Xz Backdoor": https://boehs.org/node/everything-i-know-about-the-xz-backdoor
I won't bet in this market.
I could see someone like Bellingcat figuring out who was behind it, but doubtful about them actually being found guilty. It's like the US attributing a hack to an individual that lives in Russia
If someone is meaningfully personally identified, but charges are not pressed for whatever reason
The potential reason that comes to mind for me (IANAL, of course) is that if the introduction of the backdoor can't be tied to a specific use of the backdoor to attack a target, depending on the jurisdictions where the matter is being investigated it might not even clearly be an offence?