Re: next meeting: next monday, 16 UTC (Re: choosing another time for the bi-weekly r-b general IRC meetings

2020-12-21 Thread Holger Levsen
hey, On Tue, Dec 15, 2020 at 07:31:28PM +, Holger Levsen wrote: > so the winner is: 16 UTC, so we will have our next general IRC meeting > this coming Monday, 21st of December 2020, at 16:00 UTC on > #reproducible-builds on irc.oftc.net. > > The agenda is as always at > https://pad.sfconserv

Re: Attack on SolarWinds could have been countered by reproducible builds

2020-12-21 Thread Chris Lamb
David A. Wheeler wrote: > Let me restate this: it appears that the *source code* wasn’t > compromised, and the *distribution* system wasn’t compromised. Instead, > the *build system* was compromised. Thanks for this, David. You are absolutely right that this is exactly what Reproducible Builds wa

Re: Attack on SolarWinds could have been countered by reproducible builds

2020-12-21 Thread David Kleuker
It doesn't help much to rant on this ML where all people know what reproducible builds are. Instead, contacting all those journalists that did not mention it has a chance to change the current status. A publication on reproducible-builds.org about this incident would also be helpful to share the l

Bootstrappable greetings

2020-12-21 Thread Orians, Jeremiah (DTMB)
As we on bootstrappable are terrible at public relations, I guess I probably should make sure you are aware of our latest work. AArch64 has been fully bootstrapped to the cross-compiling C level (M2-Planet) https://github.com/oriansj/mescc-tools-seed from a minimal hex0 and a minimal kaem shell

Re: Attack on SolarWinds could have been countered by reproducible builds

2020-12-21 Thread Santiago Torres-Arias
Hello. On Thu, Dec 17, 2020 at 07:33:11PM -0500, David A. Wheeler wrote: > All: > > There’s been a recently-revealed attack on the SolarWinds product “Orion”, a > Network Management System (NMS). This software is widely used and thus this > attack is extremely concerning. > > According to SANS

Re: Attack on SolarWinds could have been countered by reproducible builds

2020-12-21 Thread David A. Wheeler
> On Dec 21, 2020, at 1:58 PM, Santiago Torres-Arias > wrote: > I agree that we need more visibility on the reprobuilds aspect of this > compromise. I don’t think it’s visible to *reporters* though. > To be a little bit more upfront: I think that we as a community > sometimes focus on "is thi

Re: Attack on SolarWinds could have been countered by reproducible builds

2020-12-21 Thread Richard Purdie
On Mon, 2020-12-21 at 15:57 -0500, David A. Wheeler wrote: > I think these things need to happen in stages. Broadly: > 1. Get key applications & libraries reproducible (assuming toolchains > are okay) > 2. Establish independent processes that *check* that the binaries are > what they’re supposed to