[Git][reproducible-builds/reproducible-website][master] 2024-04: balancing for both double-quotes and backticks (single-quotes seem fine).

James Addison (@jayaddison) gitlab at salsa.debian.org
Wed May 8 22:49:02 UTC 2024



James Addison pushed to branch master at Reproducible Builds / reproducible-website


Commits:
4e76ebcf by James Addison at 2024-05-08T23:48:49+01:00
2024-04: balancing for both double-quotes and backticks (single-quotes seem fine).

- - - - -


1 changed file:

- _reports/2024-04.md


Changes:

=====================================
_reports/2024-04.md
=====================================
@@ -68,7 +68,7 @@ On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/
 
 * Chris Lamb asked the list which conferences readers are attending these days: "After peak Covid and other industry-wide changes, conferences are no longer the 'must attend' events they previously were… especially in the area of software supply-chain security. In rough, practical terms, it seems harder to justify conference travel today than it did in mid-2019." The thread generated a [number of responses](https://lists.reproducible-builds.org/pipermail/rb-general/2024-April/thread.html#3370) which would be of interest to anyone planning travel in Q3 and Q4 of 2024.
 
-* James Addison wrote to the list about a ["quirk" in Git related to its `core.autocrlf` functionality](https://lists.reproducible-builds.org/pipermail/rb-general/2024-April/003385.html), thus helpfully passing on a "slightly off-topic and perhaps not of direct relevance to anyone on the list today" note that might still be "the kind of issue that is useful to be aware of if-and-when puzzling over unexpected git content / checksum issues (situations that I _do_ expect people on this list encounter from time-to-time).
+* James Addison wrote to the list about a ["quirk" in Git related to its `core.autocrlf` functionality](https://lists.reproducible-builds.org/pipermail/rb-general/2024-April/003385.html), thus helpfully passing on a "slightly off-topic and perhaps not of direct relevance to anyone on the list today" note that might still be "the kind of issue that is useful to be aware of if-and-when puzzling over unexpected git content / checksum issues (situations that I _do_ expect people on this list encounter from time-to-time)".
 
 <br>
 
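Review bot: In the `core.autocrlf` bullet, the added closing quote sits before the full stop (`time-to-time)".`), whereas the Chris Lamb bullet two lines above ends its quotation with the full stop inside the quotes (`mid-2019."`). The earlier bullet quotes a complete sentence and this one quotes a fragment, so the placement is defensible, but it is worth confirming it matches the convention used in the rest of the report. With this change the three quoted spans on the line ("quirk", "slightly off-topic … today", "the kind of issue … time-to-time)") each have an opener and a closer.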
@@ -76,7 +76,7 @@ On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/
 
 [Simon Josefsson](https://blog.josefsson.org/) wrote on his blog this month that, going forward, the [`libntlm`](https://gitlab.com/gsasl/libntlm/) project will now be releasing what they call "[minimal source-only tarballs](https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/)":
 
-> The [XZUtils incident](https://en.wikipedia.org/wiki/XZ_Utils_backdoor) illustrate that tarballs with files that are not included in the git archive offer an opportunity to disguise malicious backdoors. [The] risk of hiding malware is not the only motivation to publish signed minimal source-only tarballs. With pre-generated content in tarballs, there is a risk that GNU/Linux distributions [ship] generated files coming from the tarball into the binary `*.deb` or `*.rpm` package file. Typically the person packaging the upstream project never realized that some installed artifacts was not re-built[.]"
+> The [XZUtils incident](https://en.wikipedia.org/wiki/XZ_Utils_backdoor) illustrate that tarballs with files that are not included in the git archive offer an opportunity to disguise malicious backdoors. [The] risk of hiding malware is not the only motivation to publish signed minimal source-only tarballs. With pre-generated content in tarballs, there is a risk that GNU/Linux distributions [ship] generated files coming from the tarball into the binary `*.deb` or `*.rpm` package file. Typically the person packaging the upstream project never realized that some installed artifacts was not re-built[.]
 
 Simon's [post](https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/) goes into further details how this was achieved, and describes some potential caveats and counters some expected responses as well. A shorter version can be found in the announcement for the [1.8 release of `libntlm`](https://lists.nongnu.org/archive/html/libntlm/2024-04/msg00000.html).
 
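Review bot: In the Simon Josefsson blockquote, dropping the trailing `"` is correct because the quotation has no opening quote and is already marked by `>`, but the quoted text still reads "illustrate that" and "some installed artifacts was not re-built". If those are verbatim from the blog post they should stay; if they are transcription slips, fix them or mark them with square brackets, the way `[The]`, `[ship]` and `[.]` already flag editorial changes inside this quote.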
@@ -114,7 +114,7 @@ In addition, Bernhard M. Wiedemann published [`theunreproduciblepackage`](https:
 
 [![]({{ "/images/reports/2024-04/guix.png#right" | relative_url }})](https://www.gnu.org/software/guix/)
 
-In GNU Guix, Janneke Nieuwenhuizen submitted a patch set for creating a reproducible source tarball for Guix. That is to say, ensuring that `make dist' is reproducible when run from Git. [[…](https://issues.guix.gnu.org/70169/)]
+In GNU Guix, Janneke Nieuwenhuizen submitted a patch set for creating a reproducible source tarball for Guix. That is to say, ensuring that `make dist` is reproducible when run from Git. [[…](https://issues.guix.gnu.org/70169/)]
 
 [![]({{ "/images/reports/2024-04/fedora.png#right" | relative_url }})](https://fedoraproject.org/)
 



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4e76ebcf13015988ab5716b0e4323da1c268c350
