Nice short (~16m) talk on build system security – trusting trust attacks, reproducible builds & bootstrappable builds.
https://isdebianreproducibleyet.com/ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓░ 94.5%
An interesting issue where non-deterministic filesystem ordering resulted in a different README file being installed (found by in @debian)
diffoscope 148 💠➕➖ released https://diffoscope.org/news/diffoscope-148-released/
diffoscope 147 released 💠 https://diffoscope.org/news/diffoscope-147-released/ #diffoscope
A real world example of an open source supply chain attack: the Octopus Scanner malware
https://isdebianreproducibleyet.com/ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓░ 94.7%
Supply-chain attack hits RubyGems repository with 725 malicious packages https://arstechnica.com/information-technology/2020/04/725-bitcoin-stealing-apps-snuck-into-ruby-repository/
set of software development practices that create an independently-verifiable path from source code to the binary code used by computers.
Account monitored by @raboof
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.