[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU Mes 0.24 released

From: Thiago Jung Bauermann
Subject: Re: GNU Mes 0.24 released
Date: Sun, 08 May 2022 21:03:33 -0300


Ludovic Courtès <> writes:

> Jan Nieuwenhuizen <> skribis:
>> Mes has now been ported to M2-Planet and can be bootstrapped using
>> stage0-posix[0], starting from the 357-byte hex0 binary of the
>> bootstrap-seeds[1], as was promised at FOSDEM'21[2].
> This is amazing… congrats to you & everyone involved!  You made it!  :-)
> The ability to build literally everything from source, with reproducible
> builds, is a game changer IMO when it comes to supply chain security.

Indeed, this is awesome!

> The common objection is: “you’re building from source but you’re not
> gonna audit all that source code anyway, so why bother?”  I think it’s
> akin to security by obscurity.  That we collectively can and do fiddle
> with all this code makes a practical difference; that this is all
> transparent means that backdoors become harder to hide.

I saw a project a while ago with an interesting approach that looks very
interesting for tackling this problem: crowd-sourced, social code

If many people review a piece of code and there's a system to record
those reviews, then it's possible to get a metric that is proportional
to the trustworthiness of said code.

It's a big task, but for unchanging code bases (such as the bootstrap
chain), it's a finite amount of work...


reply via email to

[Prev in Thread] Current Thread [Next in Thread]