Conversation

Notices

    Janneke (janneke@todon.nl)'s status on Monday, 08-Jun-2026 03:25:36 JST Janneke Janneke
    • T-DOSE

    Kris van Rens at @tdose "The XZ Utils backdoor -- Digging into a major cybersecurity incident"

    After skipping very quickly through the technical section during the talk because of time constraints, afterwards Kris gave an interactive session on the technicalities for a handful of interested people. Lovely! Also: food for thought.
    #tdose

      Janneke (janneke@todon.nl)'s status on Monday, 08-Jun-2026 05:44:17 JST Janneke Janneke
      in reply to
      • T-DOSE

      @tdose
      For quite a while I took pride in making source tarballs reproducible. First, I did it for Dezyne (https://cgit.git.savannah.nongnu.org/cgit/dezyne.git/commit/?id=7db1b91b65499464ed9829d17b808453f5f6e5e4) then (a bit harder) for GNU Guix (https://issues.guix.gnu.org/70169/).

      In Guix, it has always been a puzzle: Do we prefer tarballs, or do we prefer Git? Well, thanks to the xz-utils fiasco, that problem has been solved: https://codeberg.org/guix/guix/milestone/66679.

      We now know what to do, we only have to do it.

      On the tarball front, I believe it would be good to remove pre-built artifacts, and only include true sources from Git.

      Thoughts?



GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.