[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Mes 0.24 released
From: |
Ludovic Courtès |
Subject: |
Re: GNU Mes 0.24 released |
Date: |
Sun, 08 May 2022 00:34:47 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Heya,
Jan Nieuwenhuizen <janneke@gnu.org> skribis:
> Mes has now been ported to M2-Planet and can be bootstrapped using
> stage0-posix[0], starting from the 357-byte hex0 binary of the
> bootstrap-seeds[1], as was promised at FOSDEM'21[2].
This is amazing… congrats to you & everyone involved! You made it! :-)
The ability to build literally everything from source, with reproducible
builds, is a game changer IMO when it comes to supply chain security.
The common objection is: “you’re building from source but you’re not
gonna audit all that source code anyway, so why bother?” I think it’s
akin to security by obscurity. That we collectively can and do fiddle
with all this code makes a practical difference; that this is all
transparent means that backdoors become harder to hide.
Supply chain security is a spectrum and I think this achievement changes
what we can expect and demand.
Ludo’.