Stable releases were more secure in the XZ Utils incident because they never received the compromised versions (5.6.0 and 5.6.1). Major distributions (Debian, Ubuntu, Red Hat, Alpine) confirmed their stable branches were unaffected, as the backdoor only reached testing or rolling-release tracks. Delayed update cycles prevented the malicious code from reaching production systems, unlike rolling releases (e.g., Arch, Fedora Rawhide, Kali), which were exposed immediately. Some projects, like Ubuntu, also postponed beta releases and rebuilt packages as extra precautions.
❤️1