From: Simon Josefsson's blog
Verified Reproducible Tarballs
https://blog.josefsson.org/2025/04/17/verified-reproducible-tarballs/
Tagged with: gitlab, gnu, guix, supply-chain, reproducible
Remember the XZ Utils backdoor? One factor that enabled the attack was poor auditing of the release tarballs for differences compared to the Git version-controlled source code. The tarballs proved to be a useful place to distribute malicious data.