From: Simon Josefsson's blog
Verified Reproducible Tarballs
https://blog.josefsson.org/2025/04/17/verified-reproducible-tarballs/
Tagged with: gitlab, gnu, guix, supply-chain, reproducible
Remember the XZ Utils backdoor? One factor that enabled the attack was poor auditing of the release tarballs for differences from the Git version-controlled source code. The tarballs proved to be a useful place to distribute malicious data.