Attack on SolarWinds could have been countered by reproducible builds

David Kleuker post at davidak.de
Mon Dec 21 15:03:43 UTC 2020


it doesn't help much to rant on this ML where all people know what reproducible builds are. instead, contacting all those journalists that did not mention it has a chance to change the current status.

a publication on reproducible-builds.org about this incident would also be helpful to share the link

next time this happens, journalists would at least know they COULD mention it

kind regards
David Kleuker

> Chris Lamb <chris at reproducible-builds.org> wrote on 21.12.2020 15:30:
> 
> David A. Wheeler wrote:
> 
> > Let me restate this: it appears that the *source code* wasn’t
> > compromised, and the *distribution* system wasn’t compromised. Instead,
> > the *build system* was compromised.
> 
> Thanks for this, David. You are absolutely right that this is exactly
> what Reproducible Builds was 'designed' for to begin with. An ironic
> hurrah that this kind of attack is getting more visibility these days.
> 
> Another thanks for the press references too -- I will make good use of
> them when writing our next monthly report. (Alas, if it wasn't the
> holiday season I might be tempted to suggest that we do a specific
> publicity boost based on this..)
> 
> 
> Regards,
> 
> --
>       o
>     ⬋   ⬊      Chris Lamb
>    o     o     reproducible-builds.org 💠
>     ⬊   ⬋
>       o

