Joe on Nostr: In the aftermath of the xz security event, i think projects need to review tests as ...
In the aftermath of the xz security event, i think projects need to review tests as closely as they would production code.
Distros need to build without running tests, and distros and users need to verify that builds are identical weather tests are run or not. Builds that are not reproducible should not be acceptable anywhere.
Distros need to build without running tests, and distros and users need to verify that builds are identical weather tests are run or not. Builds that are not reproducible should not be acceptable anywhere.