[Git][reproducible-builds/reproducible-presentations][master] 2 commits: Move Breaking the Chains of Trusting Trust to new date and location!
Vagrant Cascadian (@vagrant)
gitlab at salsa.debian.org
Tue Jul 11 18:41:32 UTC 2023
Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
0f5426c0 by Vagrant Cascadian at 2023-07-11T10:52:25-07:00
Move Breaking the Chains of Trusting Trust to new date and location!
- - - - -
a2d669c6 by Vagrant Cascadian at 2023-07-11T10:52:29-07:00
Breaking the Chains: Add link for guix full source bootstrap.
- - - - -
4 changed files:
- 2022-10-07-Breaking_the_Chains_of_Trusting_Trust/Breaking_the_Chains_of_Trusting_Trust.org → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/Breaking_the_Chains_of_Trusting_Trust.org
- 2022-10-07-Breaking_the_Chains_of_Trusting_Trust/Makefile → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/Makefile
- 2022-10-07-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png
- 2022-10-07-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png
Changes:
=====================================
2022-10-07-Breaking_the_Chains_of_Trusting_Trust/Breaking_the_Chains_of_Trusting_Trust.org → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/Breaking_the_Chains_of_Trusting_Trust.org
=====================================
@@ -1,7 +1,7 @@
#+TITLE: Breaking the Chains of Trusting Trust
#+AUTHOR: Vagrant Cascadian <vagrant at reproducible-builds.org>
#+EMAIL: vagrant at reproducible-builds.org
-#+DATE: BSidesPDX 2022
+#+DATE: FOSSY 2023-07-16
#+LANGUAGE: en
#+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
@@ -16,11 +16,8 @@
#+LaTeX_CLASS_OPTIONS: [aspectratio=169]
#+BEGIN_comment
Breaking the Chains of Trusting Trust
-
-In 1984, Ken Thompson presented "Reflections on trusting trust" which
-described an attack on a build toolchain that would be impossible to
-detect through source code review ... in the decades since, what has
-been done to actually mitigate these types of attacks?
+https://2023.fossy.us/schedule/presentation/118/
+E148 | Sun 16 Jul 2 p.m.–3 p.m.
Corrupted build environments can deliver compromised cryptographically
signed binaries. Several exploits in in critical supply chains have
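Review bot: The context line "signed binaries. Several exploits in in critical supply chains have", directly below the new schedule lines, has a doubled "in". Since this abstract is being edited in the same change, drop the extra word here. The added room and time line "E148 | Sun 16 Jul 2 p.m.–3 p.m." also carries no time zone; adding one would keep it unambiguous next to the "-0700" used in the Makefile.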
@@ -28,6 +25,11 @@ been demonstrated in recent years, proving that this is not just
theoretical. The most well secured build environments are still single
points of failure when they fail.
+In 1984, Ken Thompson presented "Reflections on trusting trust" which
+described an attack on a build toolchain that would be impossible to
+detect through source code review ... in the decades since, what has
+been done to actually mitigate these types of attacks?
+
Work in the Reproducible Builds and Bootstrappable Builds communities
has been progressing steadily in recent years, and can be used to
significantly reduce the risks of "Trusting Trust" and other supply
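Review bot: The abstract reorder, where the Ken Thompson paragraph is re-added here after "points of failure when they fail.", is not mentioned in either commit subject ("Move ... to new date and location" and "Add link for guix full source bootstrap"). The four added lines match the four removed in the previous hunk, so the content is unchanged, but a reader of the log will not expect text to move inside a rename commit. Note the reorder in the commit message or put it in its own commit so the rename stays a pure move.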
@@ -235,7 +237,9 @@ https://guix.gnu.org/en/manual/devel/en/guix.html#Reduced-Binary-Seed-Bootstrap
GNU Guix: The Full-Source Bootstrap
- Now available in the "core-updates" branch!
+https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/
+
+ Now available via guix pull!
#+ATTR_BEAMER: :overlay <+->
- hex0 (357-byte binary)
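Review bot: The bare URL added under "GNU Guix: The Full-Source Bootstrap" is nearly 100 characters long and is placed in the slide body ahead of the overlay list, so it may run past the frame edge or wrap badly in the rendered PDF. Consider an Org link with a short description, in the form [[URL][The Full-Source Bootstrap (Guix blog)]], so the slide shows readable text while the PDF keeps the clickable target. The wording change from the "core-updates" branch to "Now available via guix pull!" is a content update beyond adding a link and deserves a mention in the commit message.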
=====================================
2022-10-07-Breaking_the_Chains_of_Trusting_Trust/Makefile → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/Makefile
=====================================
@@ -3,7 +3,7 @@
# needs: apt install emacs texlive-latex-extra texlive-plain-generic
export FORCE_SOURCE_DATE = 1
-export SOURCE_DATE_EPOCH := $(shell date --utc --date '2022-10-07 00:00 UTC' +%s)
+export SOURCE_DATE_EPOCH := $(shell date --utc --date '2023-07-16 14:00 -0700' +%s)
all: $(patsubst %.org,%.pdf,$(wildcard *.org))
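Review bot: The new SOURCE_DATE_EPOCH line still computes the timestamp at build time through "date --utc --date '2023-07-16 14:00 -0700' +%s", and "--date" with a free-form string is a GNU date extension. If that shell call prints nothing on a builder with a different date implementation, the variable is exported empty while "FORCE_SOURCE_DATE = 1" is still set, and the PDF timestamp is no longer pinned. For a reproducibility talk it would be more robust to write the resulting integer literally and keep the human-readable date in a comment beside it. The explicit "-0700" offset itself is fine: it makes the value independent of the builder's TZ and matches the 2 p.m. slot given in the abstract.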
=====================================
2022-10-07-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png
=====================================
=====================================
2022-10-07-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png → 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png
=====================================
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/ff6eccd518aedb9f1c3b00d2bccd39ec814d8476...a2d669c64c0f4a2f3b9c64e99b38eb2309ac9a6d