GNU Mes 0.24 released
larry at doolittle.boa.org
Sat May 7 23:11:06 UTC 2022
Ludovic and friends -
On Sun, May 08, 2022 at 12:34:47AM +0200, Ludovic Courtès wrote:
> Jan Nieuwenhuizen <janneke at gnu.org> skribis:
> > Mes has now been ported to M2-Planet and can be bootstrapped using
> > stage0-posix, starting from the 357-byte hex0 binary of the
> > bootstrap-seeds, as was promised at FOSDEM'21.
> This is amazing… congrats to you & everyone involved! You made it! :-)
> The common objection is: “you’re building from source but you’re not
> gonna audit all that source code anyway, so why bother?” [...]
> Supply chain security is a spectrum and I think this achievement changes
> what we can expect and demand.
I've had this conversation before, any my analogy is to the
three legs of a stool. Bootstrapped toolchains, reproducible builds,
and source-code audits. Each one is arguably useless without the others,
but taken together, you've actually accomplished something meaningful.
Maybe I should also include "cryptographically signed artifact distribution"
on that list.
More information about the rb-general