[Git][reproducible-builds/reproducible-website][master] 2021-06: small fixes

Felix C. Stegerman (@obfusk) gitlab at salsa.debian.org
Fri Jul 2 17:00:33 UTC 2021



Felix C. Stegerman pushed to branch master at Reproducible Builds / reproducible-website


Commits:
f28fb110 by Felix C. Stegerman at 2021-07-02T17:00:31+00:00
2021-06: small fixes
- - - - -


1 changed file:

- _reports/2021-06.md


Changes:

=====================================
_reports/2021-06.md
=====================================
@@ -46,7 +46,7 @@ The Reproducible Builds project restarted their IRC meetings this month. Taking
 
 <br>
 
-[Ars Technica](https://arstechnica.com/) are reporting that "counterfeit" packages in [PyPI](https://pypi.org/), the official Python package repository, [contained secret code that installed cryptomining software on infected machines](https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/): "So-called typosquatting attacks succeed when targets accidentally mistype a name such as typing *mplatlib* or *maratlib* instead of the legitimate and popular package, *matplotlib*. The article is at pains to points out that PyPI is not not abused any more than other repositories are:
+[Ars Technica](https://arstechnica.com/) are reporting that "counterfeit" packages in [PyPI](https://pypi.org/), the official Python package repository, [contained secret code that installed cryptomining software on infected machines](https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/): "So-called typosquatting attacks succeed when targets accidentally mistype a name such as typing *mplatlib* or *maratlib* instead of the legitimate and popular package, *matplotlib*". The article is at pains to points out that PyPI is not not abused any more than other repositories are:
 
 > Last year, packages downloaded thousands of times from [RubyGems](https://arstechnica.com/information-technology/2020/04/725-bitcoin-stealing-apps-snuck-into-ruby-repository/) installed malware that attempted to intercept bitcoin payments. Two years before that, someone backdoored a 2-million-user code library hosted in NPM. [Sonatype](https://sonatype.com/) has [tracked more than 12,000 malicious NPM packages](https://blog.sonatype.com/open-source-attacks-on-the-rise-top-8-malicious-packages-found-in-npm) since 2019.
 
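Review bot: The added line still has two typos in the sentence that follows the new closing quote: "at pains to points out" and the doubled "not not abused". Since this commit is already a fix-up of that line, correct them in the same change, for example "The article is at pains to point out that PyPI is not abused any more than other repositories are:". The closing quotation mark is also placed before the full stop (`*matplotlib*".`); check that this matches the punctuation style used for quotations elsewhere in the report.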
@@ -90,9 +90,9 @@ In early June, Nilesh Patra [asked for help making Debian's `brian` package buil
 
 [![]({{ "/images/reports/2021-06/fdroid.png#right" | relative_url }})](https://www.f-droid.org/)
 
-Felix C. Stegerman announced the release of 1.0.0 release of [*apksigcopier*](https://github.com/obfusk/apksigcopier), a tool to copy, extract and patch `.apk` signatures needed to facilitate reproducible builds on the [F-Droid](https://f-droid.org) Android application store. Holger Levsen subsequently sponsored an upload to Debian.
+Felix C. Stegerman announced the release of v1.0.0 of [*apksigcopier*](https://github.com/obfusk/apksigcopier), a tool to copy, extract and patch `.apk` signatures needed to facilitate reproducible builds on the [F-Droid](https://f-droid.org) Android application store. Holger Levsen subsequently sponsored an upload to Debian.
 
-Elsewhere in F-Droid, the Swiss COVID Certificate mobile app (which uses reproducible builds) is [pending being added to F-Droid](https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9099) — the F-Droid developers have mentioned that the upstream developers have been very helpful in making this happen. Relatedly, the Android version of the [Electrum Bitcoin Wallet](https://electrum.org/#home) [has been made reproducible](https://github.com/spesmilo/electrum/pull/7263).
+Elsewhere in F-Droid, the Swiss COVID Certificate mobile app (which uses reproducible builds) has [been added to F-Droid](https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9099) — the F-Droid developers have mentioned that the upstream developers have been very helpful in making this happen. Relatedly, the Android version of the [Electrum Bitcoin Wallet](https://electrum.org/#home) [has been made reproducible](https://github.com/spesmilo/electrum/pull/7263).
 
 <br>
 
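Review bot: In the Swiss COVID Certificate sentence the link text is now "has [been added to F-Droid]", with "has" left outside the anchor, while the next sentence keeps the auxiliary inside its link ("[has been made reproducible]"); move "has" into the link text so the two read consistently. The wording changes from "pending" to "added", but the target is still the fdroiddata merge request 9099, so the reader lands on a merge request rather than on evidence that the app is published. Either say the merge request was merged or link to the resulting app listing if one exists.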



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/f28fb1107a698477bb4c3bd6ec95dbfdcbee2593
