Attack on SolarWinds could have been countered by reproducible builds
David Kleuker
post at davidak.de
Mon Dec 21 15:03:43 UTC 2020
It doesn't help much to rant on this ML, where all people know what reproducible builds are. Instead, contacting all those journalists who did not mention it has a chance to change the current status.
A publication on reproducible-builds.org about this incident would also be helpful, to share the link.
Next time this happens, journalists would at least know they COULD mention it.
Kind regards
David Kleuker
> On 21.12.2020 15:30, Chris Lamb <chris at reproducible-builds.org> wrote:
>
>
> David A. Wheeler wrote:
>
> > Let me restate this: it appears that the *source code* wasn’t
> > compromised, and the *distribution* system wasn’t compromised. Instead,
> > the *build system* was compromised.
>
> Thanks for this, David. You are absolutely right that this is exactly
> what Reproducible Builds was 'designed' for to begin with. An ironic
> hurrah that this kind of attack is getting more visibility these days.
>
> Another thanks for the press references too -- I will make good use of
> them when writing our next monthly report. (Alas, if it wasn't the
> holiday season I might be tempted to suggest that we do a specific
> publicity boost based on this..)
>
>
> Regards,
>
> --
>       o
>     ⬋   ⬊      Chris Lamb
>    o     o     reproducible-builds.org 💠
>     ⬊   ⬋
>       o