this post was submitted on 18 Apr 2024
82 points (98.8% liked)

[–] [email protected] 15 points 6 months ago (1 children)

Interesting development.

A recent example is that reproducible builds allow for the creation of proof, simply by rebuilding and comparing the result, that a GCC build whose source was extracted with a compromised xz was not compromised; this process was achieved without needing to reverse engineer how the compromise occurred. Similarly, reproducible builds were reported as being useful during investigations of the xz compromise.

[–] [email protected] 9 points 6 months ago* (last edited 6 months ago)

As much as I love openSUSE, and reproducible builds are a core requirement for trusted computing…

reproducible builds were reported as being useful

Really buries the lede of the xz attack results

either both are trojaned, or none

Edit: It is very useful for the first half - to ensure new packages extracted by a compromised xz weren’t modified during the extraction.

It’s just that reproducing the build of the tampered xz would still produce a bit-for-bit identical compromised version due to the way it modified the build system.
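
The rebuild-and-compare check discussed in the comments above, as an added example (not code from the linked article or from either commenter): it hashes two build output trees and lists every artifact that is not bit-for-bit identical. The file names and contents are constructed sample data, and the second case shows that identical results only prove the two builds agree with each other.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_builds(official, rebuild):
    """Return {path: reason} for every artifact that is not bit-for-bit identical."""
    a, b = tree_digests(official), tree_digests(rebuild)
    report = {}
    for path in sorted(a.keys() | b.keys()):
        if path not in b:
            report[path] = "missing from rebuild"
        elif path not in a:
            report[path] = "only in rebuild"
        elif a[path] != b[path]:
            report[path] = "digest mismatch"
    return report


def make_tree(files):
    """Constructed sample data: write {relative path: bytes} into a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="build-"))
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    clean = {"usr/bin/gcc": b"compiler-v1", "usr/lib/libfoo.so": b"lib-v1"}
    # Case 1: one builder's environment altered an output -> detected.
    altered = dict(clean, **{"usr/lib/libfoo.so": b"lib-v1+extra"})
    print(compare_builds(make_tree(clean), make_tree(altered)))
    # Case 2: both builders consumed the same tampered source -> no difference.
    tampered = dict(clean, **{"usr/lib/libfoo.so": b"lib-from-tampered-source"})
    print(compare_builds(make_tree(tampered), make_tree(tampered)))
```

An empty report means the two trees match; it says nothing about whether the source both builds started from was trustworthy.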