tl;dr: A Fedora contributor's account was hijacked (or voluntarily handed over to) an agentic AI that spent months reassigning bugs, closing them with plausible-sounding nonsense, and badgering maintainers into merging dubious patches—including code that made it into the Anaconda installer before being reverted. The targets (an OS installer, a polkit privilege tool, and an openSUSE build-system CLI) and the slow trust-building pattern resemble the XZ backdoor's social-engineering phase, raising concerns this was either an attack prelude or a preview of AI-automated supply-chain attacks.