[Git][reproducible-builds/reproducible-website][master] 2 commits: 2023-03: Cosmetic changes.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Thu Apr 6 13:53:01 UTC 2023



Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
80020239 by Chris Lamb at 2023-04-06T14:52:22+01:00
2023-03: Cosmetic changes.

- - - - -
a3e884b3 by Chris Lamb at 2023-04-06T14:52:40+01:00
published as https://reproducible-builds.org/reports/2023-03/

- - - - -


1 changed file:

- _reports/2023-03.md


Changes:

=====================================
_reports/2023-03.md
=====================================
@@ -3,7 +3,8 @@ layout: report
 year: "2023"
 month: "03"
 title: "Reproducible Builds in March 2023"
-draft: true
+draft: false
+date: 2023-04-06 13:52:40
 ---
 
 **Welcome to the March 2023 report from the [Reproducible Builds](https://reproducible-builds.org) project.**
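Review bot: the new front-matter line `date: 2023-04-06 13:52:40` carries no UTC offset, while the commit that adds it is stamped 14:52:40+01:00, so the value is only correct if it is read as UTC. Suggest writing the offset explicitly, for example `date: 2023-04-06 13:52:40 +0000`, so the publication time does not depend on the timezone of the machine that builds the site.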
@@ -13,9 +14,9 @@ draft: true
 
 In these reports we outline the most important things that we have been up to over the past month. As a quick recap, the motivation behind the reproducible builds effort is to ensure no malicious flaws have been introduced during compilation and distributing processes. It does this by ensuring identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
 
-If you are interested in contributing to the project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
+If you are interested in contributing to the project, please do visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website..
 
----
+<br>
 
 ## News
 
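Review bot: the added Contribute sentence ends in a doubled full stop (`page on our website..`), a typo introduced by this otherwise cosmetic pass; drop the extra period. In the same hunk the `---` rule before `## News` becomes `<br>`, which removes the visual separator between the introduction and the first section, so it is worth confirming that is intended.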
@@ -31,7 +32,7 @@ Arnout Engelen updated [our website]({{ "/" | relative_url }}) to add and update
 
 [![]({{ "/images/reports/2023-03/intel.png#right" | relative_url }})](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html)
 
-This month, [Intel](https://www.intel.com) published [a guide](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html) on how to reproducibly build their Trust Domain Extensions (TDX) firmware. TDX here refers to an Intel technology that combines their existing virtual machine and memory encryption technology with a new kind of virtual machine guest called a Trust Domain. This runs the CPU in a mode that protects the confidentiality of its memory contents and its state from any other software.
+[Intel](https://www.intel.com) published [a guide](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html) on how to reproducibly build their Trust Domain Extensions (TDX) firmware. TDX here refers to an Intel technology that combines their existing virtual machine and memory encryption technology with a new kind of virtual machine guest called a Trust Domain. This runs the CPU in a mode that protects the confidentiality of its memory contents and its state from any other software.
 
 <br>
 
@@ -47,13 +48,13 @@ Holger Levsen will present at [foss-north 2023](https://foss-north.se/2023) in A
 
 Anthony Andreoli, Anis Lounis, Mourad Debbabi and Aiman Hanna of the [Security Research Centre](https://www.concordia.ca/ginacody/research/security-research-centre.html) at [Concordia University, Montreal](https://www.concordia.ca/) published a paper this month entitled [*On the prevalence of software supply chain attacks: Empirical study and investigative framework*](https://www.sciencedirect.com/science/article/abs/pii/S2666281723000094):
 
-> Software Supply Chain Attacks (SSCAs) typically compromise hosts through trusted but infected software. The intent of this paper is twofold: First, we present an empirical study of the most prominent software supply chain attacks and their characteristics. Second, we propose an investigative framework for identifying, expressing, and evaluating characteristic behaviours of newfound attacks for mitigation and future defense purposes. We hypothesize that these behaviours are statistically malicious, existed in the past, and thus could have been thwarted in modernity through their cementation x-years ago. [[...](https://www.sciencedirect.com/science/article/abs/pii/S2666281723000094)]
+> Software Supply Chain Attacks (SSCAs) typically compromise hosts through trusted but infected software. The intent of this paper is twofold: First, we present an empirical study of the most prominent software supply chain attacks and their characteristics. Second, we propose an investigative framework for identifying, expressing, and evaluating characteristic behaviours of newfound attacks for mitigation and future defense purposes. We hypothesize that these behaviours are statistically malicious, existed in the past, and thus could have been thwarted in modernity through their cementation x-years ago. [[...](https://www.sciencedirect.com/science/article/abs/pii/S2666281723000094)]
 
 <br>
 
 On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month:
 
-* Mattia Rizzolo is asking everyone in the community to save the date for the 2023's Reproducible Builds summit which will take place between October 31st and November 2nd at [Dock Europe](https://dock-europe.net/) in Hamburg, Germany. Separate announcement(s) to follow. [[...](https://lists.reproducible-builds.org/pipermail/rb-general/2023-March/002915.html)]
+* Mattia Rizzolo is asking everyone in the community to save the date for the 2023's Reproducible Builds summit which will take place between October 31st and November 2nd at [Dock Europe](https://dock-europe.net/) in Hamburg, Germany. Separate announcement(s) to follow. [[...](https://lists.reproducible-builds.org/pipermail/rb-general/2023-March/002915.html)]
 
 * *ahojlm* posted an message announcing a new project which is "the first project offering bootstrappable and verifiable builds without any binary seeds." That is to say, a way of providing a verifiable path towards trusted software development platform without relying on pre-provided binary code in order to prevent against various forms of [compiler backdoors](https://en.wikipedia.org/wiki/Backdoor_(computing)#Compiler_backdoors). The [project's homepage](http://rbzfp7h25zcnmxu4wnxhespe64addpopah5ckfpdfyy4qetpziitp5qd.onion/) is hosted on Tor ([mirror](https://www.zq1.de/~bernhard/mirror/rbzfp7h25zcnmxu4wnxhespe64addpopah5ckfpdfyy4qetpziitp5qd.onion/)).
 
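Review bot: the removed and added versions of the quoted abstract and of the Mattia Rizzolo bullet read identically as shown, so these appear to be whitespace-only edits that cannot be checked from the rendered diff; a word in the commit message about what whitespace changed would help. As this is a cosmetic pass, the neighbouring *ahojlm* bullet could be tidied too: "posted an message" should read "posted a message", and "prevent against" should be either "prevent" or "protect against".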
@@ -166,14 +167,14 @@ In addition, Roland Clobus is continuing his work on [reproducible Debian ISO im
 
 ---
 
-## [diffoscope](https://diffoscope.org)
+## [*diffoscope*](https://diffoscope.org) development
 
 [![]({{ "/images/reports/2023-03/diffoscope.png#right" | relative_url }})](https://diffoscope.org)
 
 [*diffoscope*](https://diffoscope.org) is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats as well. This month, Mattia Rizzolo released versions [`238`](https://diffoscope.org/news/diffoscope-238-released/), and Chris Lamb released versions [`239`](https://diffoscope.org/news/diffoscope-239-released/) and [`240`](https://diffoscope.org/news/diffoscope-240-released/). Chris Lamb also made the following changes:
 
-* Fix compatibility with PyPDF 3.x, and correctly restore test data. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a91f8bfe)]
-* Rework PDF annotation handling into a separate method. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2b268980)]
+* Fix compatibility with PyPDF 3.x, and correctly restore test data. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a91f8bfe)]
+* Rework PDF annotation handling into a separate method. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2b268980)]
 
 In addition, Holger Levsen performed a long-overdue overhaul of the [Lintian](https://lintian.debian.org/) overrides in the Debian packaging [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7d0fd9c3)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8b0fe07a)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e430e268)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/04f2114f)], and Mattia Rizzolo updated the packaging to silence an `include_package_data=True` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f2f30420)], fixed the build under Debian *bullseye* [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9e525a8e)], fixed tool name in a list of tools permitted to be absent during package build tests [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/36854d06)] and as well as documented sending out an email upon  [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/635c404d)].
 
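Review bot: the paragraph directly under the two re-spaced bullets still contains a sentence that breaks off, `documented sending out an email upon  [[...]`, and this commit publishes the report with it; the object of "upon" needs to be supplied before `draft: false` goes live. The same sentence also has "and as well as" and "silence an `include_package_data=True`" with no noun after the setting (a warning, presumably, but that is for the author to confirm).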
@@ -181,7 +182,9 @@ In addition, Vagrant Cascadian updated the version of [GNU Guix](https://guix.gn
 
 <br>
 <br>
-<br>
+
+---
+
 
 If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
 
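Review bot: the separator convention moves in opposite directions within this commit: here a `<br>` is replaced by `---`, while the hunk before `## News` replaces `---` with `<br>`. Pick one rule for section breaks and apply it throughout. The added blank line after `---` also lands next to an existing blank context line, leaving two consecutive empty lines.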



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/85f22ddb800b8d69ad8d9b35f108442ea3a3a22a...a3e884b366e60fd3e1c5687bec3cdf357a9dcef8
