Ariadne Conill 🐰 on Nostr: it should be noted that arch linux's reproducible source tarballs project actually ...
it should be noted that arch linux's reproducible source tarballs project actually caught the #xzbackdoor when they went and looked at it: https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commit/881385757
while not perfect, this is a practical defense against backdoored source tarball releases.
while not perfect, this is a practical defense against backdoored source tarball releases.