GNU Mes 0.24 released

Thiago Jung Bauermann bauermann at
Mon May 9 00:03:33 UTC 2022


Ludovic Courtès <ludo at> writes:

> Jan Nieuwenhuizen <janneke at> skribis:
>> Mes has now been ported to M2-Planet and can be bootstrapped using
>> stage0-posix[0], starting from the 357-byte hex0 binary of the
>> bootstrap-seeds[1], as was promised at FOSDEM'21[2].
> This is amazing… congrats to you & everyone involved!  You made it!  :-)
> The ability to build literally everything from source, with reproducible
> builds, is a game changer IMO when it comes to supply chain security.

Indeed, this is awesome!

> The common objection is: “you’re building from source but you’re not
> gonna audit all that source code anyway, so why bother?”  I think it’s
> akin to security by obscurity.  That we collectively can and do fiddle
> with all this code makes a practical difference; that this is all
> transparent means that backdoors become harder to hide.

I saw a project a while ago with an interesting approach that looks very
interesting for tackling this problem: crowd-sourced, social code

If many people review a piece of code and there's a system to record
those reviews, then it's possible to get a metric that is proportional
to the trustworthiness of said code.

It's a big task, but for unchanging code bases (such as the bootstrap
chain), it's a finite amount of work...


More information about the rb-general mailing list