[Git][reproducible-builds/reproducible-website][master] 2 commits: Add LWN logo
Chris Lamb
gitlab at salsa.debian.org
Sat May 4 17:51:50 UTC 2019
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
43cfad39 by Chris Lamb at 2019-05-04T17:51:31Z
Add LWN logo
- - - - -
65d7ff01 by Chris Lamb at 2019-05-04T17:51:39Z
Misc cosmetic changes.
- - - - -
2 changed files:
- _reports/2019-04.md
- + images/reports/2019-04/lwn.png
Changes:
=====================================
_reports/2019-04.md
=====================================
@@ -10,9 +10,7 @@ Welcome to the April 2019 report from the [Reproducible Builds](https://reproduc
As a quick recap, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users pre-compiled. The motivation behind reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
-### Weekly blog changes to monthly blog
-
-Starting this month we have changed the frequency of our blog to monthly. In this post we will detail the most important things which have been up to in/around the world of reproducible builds and secure toolchains in the month of April.
+In this post we will detail the most important things which have been up to in/around the world of reproducible builds and secure toolchains in the month of April — starting this month we have changed the frequency of our blog to monthly.
In this months's report, we will cover:
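Review bot: The added sentence reads "the most important things which have been up to", which has no subject for "have been up to"; the wording is carried over unchanged from the removed paragraph, so this is a good moment to fix it, for example "the most important things which we have been up to". The unchanged context line just below it has "In this months's report", which should be "In this month's report". With the heading gone, the frequency announcement is now tacked onto the end of the sentence after a dash and is easy to miss; consider making it its own sentence.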
@@ -28,6 +26,8 @@ In this months's report, we will cover:
* The [SecureList](https://securelist.com) website [reported on Operation "ShadowHammer"](https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/), a high-profile supply chain attack involving the [ASUS](https://en.wikipedia.org/wiki/Asus) Live Update Utility. As their post describes in more detail, tampering with binaries usually breaks the digital signature but in this case the digital signature appeared to have been compromised. ([Read more](https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/))
+![]({{ "/images/reports/2019-04/scala.png#right" | prepend: site.baseurl }})
+
* [Linux Weekly News (LWN)](https://lwn.net/) covered the [recent `bootstrap-sass` backdoor incident](https://lwn.net/Articles/785386/) which speaks to the prevalence of supply-chain and mirror-based attacks. [David A. Wheeler](https://dwheeler.com) also [published an essay on the incident](https://dwheeler.com/essays/bootstrap-sass-subversion.html) that explicitly proposes reproducible builds as a potential way to reduce the impact of such attacks in the future.
* There was an interesting discussion on [Hacker News](https://news.ycombinator.com/) regarding the release of [WAPM](https://wapm.io/), a package manager for [WebAssembly](https://webassembly.org/) packages that are typically embedded into browsers and web-pages. In [the discussion there was a query](https://news.ycombinator.com/item?id=19732794) and distinction raised by commenter *whyrusleeping* between the ability to reproduce any generated packages versus simply signing packages in the usual manner which received warm reception by the upstream authors.
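Review bot: The image added above the LWN bullet points at `/images/reports/2019-04/scala.png`, but the file this push adds is `images/reports/2019-04/lwn.png` and the commit is titled "Add LWN logo", so the path looks like a copy-paste leftover and the new logo is not referenced anywhere in this hunk. Change the path to `lwn.png`, and give the image alt text instead of the empty `![]`.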
@@ -184,7 +184,7 @@ We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framewor
* Add/update the new `reproducible-builds.org` [MX records](https://en.wikipedia.org/wiki/MX_record). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9ddd1042)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/711267ec)]
* Fix typo in comment; thanks to `ijc` for reporting! [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2435823c)]
-Holger Levsen ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4a79527a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a24c3aa9)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/363a02f3)]), Mattia Rizzolo ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9d4d39d1)]) and Vagrant Cascadian ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a6412217)]) all performed a large amount of build node maintenance, system and jenkins administration and Chris Lamb provided a patch to avoid double spaces in IRC notifications. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f4b80011)]
+Holger Levsen [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4a79527a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a24c3aa9)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/363a02f3)], Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9d4d39d1)] and Vagrant Cascadian [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a6412217)] all performed a large amount of build node maintenance, system & Jenkins administration and Chris Lamb provided a patch to avoid double spaces in IRC notifications [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f4b80011)].
## Misc news
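Review bot: In the rewritten maintainer sentence, two independent clauses are still joined by a bare "and" ("system & Jenkins administration and Chris Lamb provided a patch"), which reads as though Chris Lamb belongs to the administration list. Put a comma or a sentence break before "and Chris Lamb"; "system & Jenkins administration" would also read better as "system and Jenkins administration" in running prose.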
=====================================
images/reports/2019-04/lwn.png
=====================================
Binary files /dev/null and b/images/reports/2019-04/lwn.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/39ca1e770971cb4eb75b6af690c9558488769958...65d7ff01157f04150e137faf7b2788faeb750123