[Git][reproducible-builds/reproducible-website][master] 2 commits: 2026-03: Misc changes prior to publication

Fri Apr 10 16:13:20 UTC 2026


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
0e710652 by Chris Lamb at 2026-04-10T12:13:11-04:00
2026-03: Misc changes prior to publication

- - - - -
d2c4e383 by Chris Lamb at 2026-04-10T12:13:12-04:00
published as https://reproducible-builds.org/reports/2026-03/

- - - - -


2 changed files:

- _reports/2026-03.md
- images/reports/2026-03/tux.png


Changes:

=====================================
_reports/2026-03.md
=====================================
@@ -3,7 +3,8 @@ layout: report
 year: "2026"
 month: "03"
 title: "Reproducible Builds in March 2026"
-draft: true
+draft: false
+date: 2026-04-10 16:13:12
 ---
 
 **Welcome to the March 2026 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
@@ -13,19 +14,21 @@ draft: true
 
 These reports outline what we've been up to over the past month, highlighting items of news from elsewhere in the increasingly-important area of software supply-chain security. As ever, if you are interested in contributing to the Reproducible Builds project, please see the [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
 
-<!--
-
-0. Table of contents generated here prior to publication
-
--->
+0. [Linux kernel hash-based integrity checking proposed](#linux-kernel-hash-based-integrity-checking-proposed)
+0. [Distribution work](#distribution-work)
+0. [Tool development](#tool-development)
+0. [Upstream patches](#upstream-patches)
+0. [Documentation updates](#documentation-updates)
+0. [Two new academic papers](#two-new-academic-papers)
+0. [Misc news](#misc-news)
 
 ---
 
-### Linux kernel's signature-based integrity checking to be replaced?
+### Linux kernel hash-based integrity checking proposed
 
 [![]({{ "/images/reports/2026-03/tux.png#right" | relative_url }})](https://lore.kernel.org/lkml/20260113-module-hashes-v4-0-0b932db9b56b@weissschuh.net/)
 
-Eric Biggers posted to the [Linux Kernel Mailing List](https://lkml.org/) in response to a [patch series posted by Thomas Weißschuh](https://lore.kernel.org/lkml/20260113-module-hashes-v4-0-0b932db9b56b@weissschuh.net/) to introduce a hash-based system of integrity checking. Thomas' [original post](https://lore.kernel.org/lkml/20260113-module-hashes-v4-0-0b932db9b56b@weissschuh.net/) mentions:
+Eric Biggers posted to the [Linux Kernel Mailing List](https://lkml.org/) in response to a [patch series posted by Thomas Weißschuh](https://lore.kernel.org/lkml/20260113-module-hashes-v4-0-0b932db9b56b@weissschuh.net/) to introduce a calculated hash-based system of integrity checking to complement the existing *signature*-based approach. Thomas' [original post](https://lore.kernel.org/lkml/20260113-module-hashes-v4-0-0b932db9b56b@weissschuh.net/) mentions:
 
 > The current signature-based module integrity checking has some drawbacks in combination with reproducible builds. Either the module signing key is generated at build time, which makes the build unreproducible, or a static signing key is used, which precludes rebuilds by third parties and makes the whole build and packaging process much more complicated.
 
@@ -147,7 +150,6 @@ Once again, there were a number of improvements made to our website this month i
 
 
 [![]({{ "/images/reports/2026-03/epub.gi.png#right" | relative_url }})](https://dl.gi.de/items/07a895be-d49c-4d73-b14d-cb533e850ca2)
-<!-- Link currently HTTP 500; -->
 
 Marc Ohm, Timo Pohl, Ben Swierzy and Michael Meier published a paper on the [*threat of cache poisoning in the Python ecosystem*](https://dl.gi.de/items/07a895be-d49c-4d73-b14d-cb533e850ca2):
 


=====================================
images/reports/2026-03/tux.png
=====================================
Binary files a/images/reports/2026-03/tux.png and b/images/reports/2026-03/tux.png differ



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/a26d4ef9358ed550ebf4632d2434e852f24cba42...d2c4e38373d570c6ad57cd77b7f296387098df68

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/a26d4ef9358ed550ebf4632d2434e852f24cba42...d2c4e38373d570c6ad57cd77b7f296387098df68
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20260410/6b485c68/attachment.htm>
