GNU Mes 0.24 released

Ludovic Courtès ludo at gnu.org
Sat May 7 22:34:47 UTC 2022


Heya,

Jan Nieuwenhuizen <janneke at gnu.org> skribis:

> Mes has now been ported to M2-Planet and can be bootstrapped using
> stage0-posix[0], starting from the 357-byte hex0 binary of the
> bootstrap-seeds[1], as was promised at FOSDEM'21[2].

This is amazing… congrats to you & everyone involved!  You made it!  :-)

The ability to build literally everything from source, with reproducible
builds, is a game changer IMO when it comes to supply chain security.

The common objection is: “you’re building from source but you’re not
gonna audit all that source code anyway, so why bother?”  I think it’s
akin to security by obscurity.  That we collectively can and do fiddle
with all this code makes a practical difference; that this is all
transparent means that backdoors become harder to hide.

Supply chain security is a spectrum and I think this achievement changes
what we can expect and demand.

Ludo’.


More information about the rb-general mailing list