
Build reproducibility

Open rimutaka opened this issue 3 years ago • 1 comments

How do we know that there are no vulnerabilities or backdoors introduced into the build via dependencies?

  • https://security.googleblog.com/2021/07/measuring-security-risks-in-open-source.html
  • https://github.com/rust-secure-code/cargo-supply-chain
  • https://www.reddit.com/r/rust/comments/ofurfs/how_to_achieve_identical_compilations_of_the_same/

rimutaka, Jul 07 '21 23:07