Attack on SolarWinds could have been countered by reproducible builds
Allen Gunn
gunner at aspirationtech.org
Tue Feb 23 19:21:55 UTC 2021
And for those have not seen this item, another take on supply chain
vulnerability scenarios:
https://www.schneier.com/blog/archives/2021/02/dependency-confusion-another-supply-chain-vulnerability.html
On 2/23/21 12:56 AM, Fredrik Strömberg wrote:
> On Mon, Feb 22, 2021 at 6:52 PM Chris Lamb
> <chris at reproducible-builds.org> wrote:
>>
>> Fredrik, as you asked for updates: just to mention that the paper has
>> passed its initial review, and we are now making some minor changes to
>> address various comments and concerns (mostly around the framing of
>> the issue and ensuring it is accessible to as wide an audience as
>> possible).
>>
>
> Thanks Chris!
>
--
Allen Gunn
Executive Director, Aspiration
www.aspirationtech.org
Aspiration: "Better Tools for a Better World"
Read our Manifesto: https://aspirationtech.org/publications/manifesto
Twitter: www.twitter.com/aspirationtech
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210223/e585eb40/attachment.sig>
More information about the rb-general
mailing list