What's if you could ~$ git clone SWHID?
"Youβd end up with git clone as a content-addressed fetch primitive rather than just a URL fetch, which is an interesting building block for reproducible builds and supply chain verification."
A nice write-up by @andrewnez on git remote helpers π https://nesbitt.io/2026/03/18/git-remote-helpers.html
Fedora Linux 44 Beta is out, bringing installer polish, modernized desktops, and updated dev tooling. π§©
Highlights: improved Anaconda networking, new KDE login/setup, Budgie and Games Lab on Wayland, plus big stack bumps like Go 1.26, MariaDB 11.8, Helm 4, Ansible 13, and TeXLive 2025. π οΈ
π https://fedoramagazine.org/announcing-fedora-linux-44-beta/
#TechNews #Linux #Fedora #OpenSource #Beta #KDE #Wayland #DevOps #SysAdmin #Security #ReproducibleBuilds #GNULinux #Desktop #Servers #FOSS
(2/2) those included 22 #ReproducibleBuilds β of which 6 failed:
* 3 because of not adhering to the "first basic rule": to build the APK from the tagged commit π
* 2 because of failed libraryStripping (so we needed to find the matching NDK and install that for them
* 1 not yet fixed as we could not yet figure the cause
Repairs took me 3+ hours. Easily avoidable. Dear devs, please see our RB hints 4 you, and help us saving time for other important tasks:
Debugging Reproducibility Issues in Rust Software
There is a fun footgun related to compile-time code generation using procedural macros in Rust: if the macro has non-deterministic behavior, then the build process of any crate using it is not reproducible.
Here's a little write-up explaining how I uncovered such an issue in the hashify crate while trying to package Rust software for Guix: https://notes.8pit.net/notes/iqfs.html
Supply chain security meets reproducible builds.
ExpressVPN is sponsoring PlanetNix 2026, highlighting the intersection of privacy, open-source infrastructure, and build reproducibility.
Event focus areas:
β’ Deterministic builds
β’ Secure deployment pipelines
β’ DevSecOps integration
β’ Team-level onboarding models
β’ Production-grade Nix environments
Reproducibility is increasingly tied to:
β Software supply chain integrity
β Auditability
β Compliance frameworks
β Infrastructure security baselines
As build determinism becomes more relevant to threat modeling, open-source tooling like Nix may play a critical role.
Source: https://planetnix.com/
Are reproducible systems now essential for modern security architecture?
Engage in the comments.
Follow TechNadu for high-signal infosec reporting.
Repost to amplify open-source security discussions.
#Infosec #DevSecOps #SupplyChainSecurity #ReproducibleBuilds #NixOS #OpenSourceSecurity #ExpressVPN #CloudSecurity #InfrastructureSecurity #ThreatModeling
@downey @yjeanrenaud at #IzzyOnDroid with the next sync in (checks clock) about 16h from now π€ And it's part of our #ReproducibleBuilds π₯³
App Inclusion Request & Review details: https://codeberg.org/IzzyOnDroid/repodata/issues/32
### Guidelines - [x] The app complies with the [App Inclusion Policy](https://izzyondroid.org/docs/general/AppInclusionPolicy/). - [x] The app is not already listed in the repo or issue tracker. - [x] The [Fastlane](https://izzyondroid.org/docs/general/Fastlane/) folder is available in the app's...
Nice, the Tor VPN app (eventual successor of OrBot) was just merged into the main #F-Droid repository. It uses #ReproducibleBuilds to limit parties that need to be trusted. I helped a tiny bit during the months-long process.
PR: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/24694/
Bastien Guerry π§’
knoppix
Reel Tubes
Stewart X Addison
Izzy
vascorsd
nmeum
TechNadu
Mynacol