Nice short (~16m) talk on build system security – trusting trust attacks, reproducible builds & bootstrappable builds.

An interesting issue where non-deterministic filesystem ordering resulted in a different README file being installed (found by in @debian)

Hello Fediverse!

This account will post announcements from the Reproducible Builds project ( as found on the birdsite, but will also boost Mastodon content related to the topic.

Happy to meet you all!

Supply-chain attack hits RubyGems repository with 725 malicious packages


