[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Mes 0.24 released
From: |
Larry Doolittle |
Subject: |
Re: GNU Mes 0.24 released |
Date: |
Sat, 7 May 2022 16:11:06 -0700 |
Ludovic and friends -
On Sun, May 08, 2022 at 12:34:47AM +0200, Ludovic Courtès wrote:
> Jan Nieuwenhuizen <janneke@gnu.org> skribis:
> > Mes has now been ported to M2-Planet and can be bootstrapped using
> > stage0-posix[0], starting from the 357-byte hex0 binary of the
> > bootstrap-seeds[1], as was promised at FOSDEM'21[2].
> This is amazing… congrats to you & everyone involved! You made it! :-)
+1
> The common objection is: “you’re building from source but you’re not
> gonna audit all that source code anyway, so why bother?” [...]
> Supply chain security is a spectrum and I think this achievement changes
> what we can expect and demand.
I've had this conversation before, any my analogy is to the
three legs of a stool. Bootstrapped toolchains, reproducible builds,
and source-code audits. Each one is arguably useless without the others,
but taken together, you've actually accomplished something meaningful.
Maybe I should also include "cryptographically signed artifact distribution"
on that list.
- Larry