With the release of Libntlm version 1.8 the release tarball can be reproduced on several distributions. We also publish a signed minimal source-only tarball, produced by git-archive which is the same format used by Savannah, Codeberg, GitLab, GitHub and others. Continue reading Reproducible and minimal source-only tarballs→| Simon Josefsson's blog
While the work to analyze the xz backdoor is in progress, several ideas have been suggested to improve the software supply chain ecosystem. Some of those ideas are good, some of the ideas are at best irrelevant and harmless, and Continue reading Towards reproducible minimal source code tarballs? On *-src.tar.gz→| Simon Josefsson's blog
In which I make a public service announcement about the small utilities provided by GLib| halting problem