Just a heads up there is a pretty critical vulnerability in the XZ package which is included in many distributions. Fortunately Debian doesn’t appear to have the vulnerability except in testing, experimental and unstable release versions Microsoft FAQ and guidance for XZ Utils backdoor - Microsoft Community Hub.
Apparently someone spotted it at the last minute:
I posted some more details here: