GNU Mes 0.24 released

Sébastien Lerique sl at
Sun May 8 13:55:41 UTC 2022

Amazing indeed!

On 07 May 2022 at 16:11, Larry Doolittle <larry at> wrote:
>> The common objection is: “you’re building from source but you’re not
>> gonna audit all that source code anyway, so why bother?”  [...]
>> Supply chain security is a spectrum and I think this achievement changes
>> what we can expect and demand.
> I've had this conversation before, any my analogy is to the
> three legs of a stool.  Bootstrapped toolchains, reproducible builds,
> and source-code audits.  Each one is arguably useless without the others,
> but taken together, you've actually accomplished something meaningful.
> Maybe I should also include "cryptographically signed artifact distribution"
> on that list.

In a similar line, Bunnie Huang gave an interesting talk about the
hardware trust level a few years ago [0], which led to the Precursor
project [1,2].



More information about the rb-general mailing list