Re: Attack on SolarWinds could have been countered by reproducible builds

[Chris Lamb]

Hi Justin,

> On another note, I would say this is an ideal time to engage the
> broader academic / open source communities about reproducible builds.

As it happens, Stefano Zacchiroli recently suggested to me that we
write a paper together that we would first offer to IEEE Software. We
got into a good routine and submitted to IEEE about a fortnight ago.

It's aimed a more general audience, first defining the problem and
then providing some insight into the challenges of actually making
real-world software reproducible.

We then use various experiences of the Reproducible Builds project to
make large-scale software collections/supply-chains/ecosystems
reproducible, and we also describe the affinity between reproducibility
efforts and quality assurance (QA).

More news when we have it, of course...


Regards,

--
      o
    ⬋   ⬊      Chris Lamb
   o     o     reproducible-builds.org 💠
    ⬊   ⬋
      o