Re: Attack on SolarWinds could have been countered by reproducible builds

Chris Lamb chris at reproducible-builds.org
Mon Dec 21 14:30:47 UTC 2020


David A. Wheeler wrote:

> Let me restate this: it appears that the *source code* wasn’t
> compromised, and the *distribution* system wasn’t compromised. Instead,
> the *build system* was compromised.

Thanks for this, David. You are absolutely right that this is exactly
what Reproducible Builds was 'designed' for to begin with. An ironic
hurrah that this kind of attack is getting more visibility these days.

Another thanks for the press references too -- I will make good use of
them when writing our next monthly report. (Alas, if it wasn't the
holiday season I might be tempted to suggest that we do a specific
publicity boost based on this..)


Regards,

--
      o
    ⬋   ⬊      Chris Lamb
   o     o     reproducible-builds.org 💠
    ⬊   ⬋
      o

