Mastodawn

How do you trust a new Linux Distribution?

🧑‍💻 https://kron.fi/en/posts/stagex-web-of-trust/

#html #linux #trust #distraction #stagex #homelab #opensource #work #homelab #workplace #weboftrust #web #trust

How do you trust a new Linux Distribution?

Who do you trust (… and how do you trust the new Linux Distribution StageX?) Do you trust your best friend from childhood? Do you trust your chosen Distribution for your Homelab? For your Workplace? Psychology says there are roughly two types of trust. Direct and Transitive trust. Direct trust is you trusting your best friend. Transitive trust is your best friend assuring you another person is also trustworthy and you listening to their word because you trust them.

Zoë's Blog

Danny Grove 6d ago

RE: https://mastodon.social/@lobsters/116280125863583032

One of our maintainers, @zoef, makes a really strong visual case on the importance of Web of Trust especially in 2026

#security #stagex #linux #crytography

Show thread

Lance R. Vick Mar 22

@nabeards Packages are just containerfiles so it is not hard to write them yourself in most cases: https://codeberg.org/stagex/stagex/src/branch/main/packages/core/curl/Containerfile

But file issues for things you want to see, or PRs if you get something building locally.

Need any help, drop into #stagex:matrix.org

stagex/packages/core/curl/Containerfile at main

stagex - A container-native, full-source bootstrapped, and reproducible toolchain to build all the things

Codeberg.org

Bioninformatician_next_door Mar 7

I would like to Request for Review on our 1st version (v0.9 tag) of the #whitepaper on #stagex
I have prepared a Review template that could be used when you create an Issue.
The manuscript is in #latex and #pdf .
https://codeberg.org/stagex/whitepapers/src/branch/main/out/stagex.pdf
@civodul
@cbaines
@stefano
@samueljohnson
If you have someone in mind that would be interested to review it, please let me know!
Thank you in advance!

PS: The project is intended for use by highly technical security engineers at this time.

whitepapers/out/stagex.pdf at main

whitepapers - Whitepapers from the stagex team

Codeberg.org

Bioninformatician_next_door Jan 31

Today I will be at #FOSSDEM26 helping in the cloak room!
CU there for #stagex stickers!

Bioninformatician_next_door Jan 29

Well after quite some months a new release has landed on main branch with git commit: https://codeberg.org/stagex/stagex/commit/f33076ccbcf484eee52cc6994a96dfa89a607b8c
With this release #StageX brings more freedom to everybody by using `natively` #llvm to build the complete tree (full source #bootstrapped and #reproducible as always), initializing the era of cross-compiling "easily" for any other CPU architecture.If that doesn't excites you, then get prepared for other even better things coming into the next release!
See you at #FOSSDEM26 for stickers!

Show thread

Bioninformatician_next_door Dec 21

@fasterthanlime
There is a #bounty of $1000 to solve for #reproducible #rust to build x86_64-linux-gnu libstd for rust 1.91 with #stagex and be able to compile a dynamically linked rust binary with it that runs on #Debian.
Would you be interested to take the challenge?

#containers #linux

Show thread

Bioninformatician_next_door Nov 26

@fasterthanlime hmm, but what about stagex? :P

#stagex

Dasharo Nov 26

@lrvick presents a focused look at #StageX, a minimal, fully bootstrapped, deterministic, multi-party-signed #Linux distribution for verifiable infrastructure. Existing "reproducible build" solutions often fall short when evaluated against stricter threat models, so StageX provides a container-native, fully bootstrapped, reproducible, and multi-signed toolchain aimed at delivering verifiable artifacts without exceptions.

Bioninformatician_next_door Nov 1, 2024

Finally a post talking about #stagex !
If you like #security and #reproducible_builds
then have a look here:

https://quorum.tkhq.xyz/posts/reproducible-builds-made-easy-introducing-stagex/

Reproducible builds made easy: introducing StageX

This post is about Turnkey's journey with reproducible builds. We don't have a choice: our builds must be reproducible to secure TEE deployments and use remote attestations meaningfully. Unfortunately reproducible builds aren't easy out-of-the-box. We'll survey the landscape of existing options available to us, show our first attempt at reproducible builds, and explain why and how we've arrived at StageX: a new container-based, full-source-bootstrapped, reproducible, multi-party signed distro which simplifies reproducible builds considerably.

Quorum