[Git][reproducible-builds/reproducible-website][master] 2025-10: Newline
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Wed Nov 5 21:13:49 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
44a02494 by Chris Lamb at 2025-11-05T13:11:53-08:00
2025-10: Newline
- - - - -
1 changed file:
- _reports/2025-10.md
Changes:
=====================================
_reports/2025-10.md
=====================================
@@ -110,8 +110,7 @@ As [the homepage of the service](https://sourcespotter.com/) mentions, the track
[](https://hal.science/hal-05326226)
-Julien Malka of the [Institut Polytechnique de Paris](https://www.ip-paris.fr/) published an exciting paper this month on [*How NixOS could have detected the XZ
-supply-chain attack for the benefit of all thanks to reproducible-builds*](https://hal.science/hal-05326226). Julien outlines his paper as follows:
+Julien Malka of the [Institut Polytechnique de Paris](https://www.ip-paris.fr/) published an exciting paper this month on [*How NixOS could have detected the XZ supply-chain attack for the benefit of all thanks to reproducible-builds*](https://hal.science/hal-05326226). Julien outlines his paper as follows:
> In March 2024, a [sophisticated backdoor was discovered in xz](https://en.wikipedia.org/wiki/XZ_Utils_backdoor), a core compression library in Linux distributions, covertly inserted over three years by a malicious maintainer, Jia Tan. The attack, which enabled remote code execution via ssh, was only uncovered by chance when Andres Freund investigated a minor performance issue. This incident highlights the vulnerability of the open-source supply chain and the effort attackers are willing to invest in gaining trust and access. In this article, I analyze the backdoor’s mechanics and explore how bitwise build reproducibility could have helped detect it.
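Review bot: the join of the two wrapped lines into one is the right fix here, since a newline inside the emphasised link text `[*How NixOS could have detected the XZ ... reproducible-builds*](...)` can break link rendering in some Markdown processors; the hunk counts (-110,8 +110,7) match the two removed and one added line. One further style point on the unchanged context line just above: `[](https://hal.science/hal-05326226)` has empty link text and will render as an empty anchor, so it should either carry visible text such as the paper title or, if it is meant to embed an image, use the image syntax.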
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/44a02494c821235c4f66726807e5519572301679