GNU Mes 0.24 released

Larry Doolittle larry at
Sat May 7 23:11:06 UTC 2022

Ludovic and friends -

On Sun, May 08, 2022 at 12:34:47AM +0200, Ludovic Courtès wrote:
> Jan Nieuwenhuizen <janneke at> skribis:
> > Mes has now been ported to M2-Planet and can be bootstrapped using
> > stage0-posix[0], starting from the 357-byte hex0 binary of the
> > bootstrap-seeds[1], as was promised at FOSDEM'21[2].
> This is amazing… congrats to you & everyone involved!  You made it!  :-)


> The common objection is: “you’re building from source but you’re not
> gonna audit all that source code anyway, so why bother?”  [...]
> Supply chain security is a spectrum and I think this achievement changes
> what we can expect and demand.

I've had this conversation before, any my analogy is to the
three legs of a stool.  Bootstrapped toolchains, reproducible builds,
and source-code audits.  Each one is arguably useless without the others,
but taken together, you've actually accomplished something meaningful.
Maybe I should also include "cryptographically signed artifact distribution"
on that list.

 - Larry

More information about the rb-general mailing list