Rob Landley on Nostr: Regarding the xz backdoor situation, here's what I wrote about in 2020 about ...
Regarding the xz backdoor situation, here's what I wrote about in 2020 about coutering ken thompson's trusting trust attack by binary auditing from a small reproducible base:
http://lists.landley.net/pipermail/toybox-landley.net/2020-July/011898.html
This is not a one-time thing. We need auditable plumbing that can be cleaned regularly, like maid service. Binary re-auditing the common OS base from scratch should be a standard freshman project, and that base should be simple enough to allow that.
https://landley.net/toybox
http://lists.landley.net/pipermail/toybox-landley.net/2020-July/011898.html
This is not a one-time thing. We need auditable plumbing that can be cleaned regularly, like maid service. Binary re-auditing the common OS base from scratch should be a standard freshman project, and that base should be simple enough to allow that.
https://landley.net/toybox