RE: GNU Mes 0.24 released

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: GNU Mes 0.24 released

From:	Orians, Jeremiah (DTMB)
Subject:	RE: GNU Mes 0.24 released
Date:	Mon, 9 May 2022 20:22:21 +0000

>> The common objection is: "you're building from source but you're not 
>> gonna audit all that source code anyway, so why bother?"  I think it's 
>> akin to security by obscurity.  That we collectively can and do fiddle 
>> with all this code makes a practical difference; that this is all 
>> transparent means that backdoors become harder to hide.
Well from root binaries to Gnu Mes (along with the extras such as sha256sum, 
ungz and untar) if printed on single sided paper at size 12 font would be only 
171 pages.
So not that hard after all after that you can leverage sha256sums and chains of 
trust to do the rest

> I saw a project a while ago with an interesting approach that looks very 
> interesting for tackling this problem: crowd-sourced, social code
> review:
> https://github.com/crev-dev/crev
Looks interesting

-Jeremiah

[Prev in Thread]

Current Thread

[Next in Thread]

GNU Mes 0.24 released, Jan Nieuwenhuizen, 2022/05/02
- Re: GNU Mes 0.24 released, Ludovic Courtès, 2022/05/07
  - Re: GNU Mes 0.24 released, Larry Doolittle, 2022/05/08
    - Re: GNU Mes 0.24 released, Sébastien Lerique, 2022/05/08
    - Re: GNU Mes 0.24 released, Larry Doolittle, 2022/05/08
    - Re: GNU Mes 0.24 released, indieterminacy, 2022/05/09
  - Re: GNU Mes 0.24 released, Thiago Jung Bauermann, 2022/05/08
    - RE: GNU Mes 0.24 released, Orians, Jeremiah (DTMB) <=

Prev by Date: Re: Packaging rust-analyzer is not necessary.
Next by Date: Re: Docker 19.x eol
Previous by thread: Re: GNU Mes 0.24 released
Next by thread: Mumi, public-inbox and tools
Index(es):
- Date
- Thread