Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/rst/statuses/112187951471494313">Robert Thau (rst@mastodon.social)'s status on Sunday, 31-Mar-2024 11:51:49 JST</a><a href="https://mastodon.social/@rst" title="rst@mastodon.social"><img src="https://gnusocial.jp/avatar/101705-48-20230226004714.webp" width="48" height="48" alt="Robert Thau" style="position: absolute; left: 0; top: 0;">Robert Thau</a><div><a href="https://hachyderm.io/@dalias/112187924605630297" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/40873" title="dalias@hachyderm.io">Rich Felker</a></li><li><a href="https://gnusocial.jp/user/149449" title="alanc@fosstodon.org">Alan Coopersmith</a></li><li><a href="https://gnusocial.jp/user/179725" title="leftpaddotpy@hachyderm.io">jade</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias</a> <a href="https://hachyderm.io/@leftpaddotpy">@leftpaddotpy</a> <a href="https://fosstodon.org/@alanc">@alanc</a> <a href="https://nixos.paris/@raito">@raito</a> But something would still have to fetch those versions or re-run them, or someone malicious, along the lines of "Hans Jansen"/"Jia Tan", could commit a malicious script decorated with plausible lies about how it was produced.  Perhaps easiest to just have the build hosts run autotools themselves, and ignore any purported build artifacts that happen to be present.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2879252#notice-5729922">In conversation</a><time datetime="2024-03-31T11:51:49+09:00" title="Sunday, 31-Mar-2024 11:51:49 JST">about 11 months ago</time> <span>from <span><a href="https://mastodon.social/@rst/112187951471494313" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@rst/112187951471494313">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Robert Thau (rst@mastodon.social)'s status on Sunday, 31-Mar-2024 11:51:49 JSTRobert Thau
in reply to
@dalias @leftpaddotpy @alanc @raito But something would still have to fetch those versions or re-run them, or someone malicious, along the lines of "Hans Jansen"/"Jia Tan", could commit a malicious script decorated with plausible lies about how it was produced. Perhaps easiest to just have the build hosts run autotools themselves, and ignore any purported build artifacts that happen to be present.
In conversationabout 11 months ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice