Danny GroveI’m officially on the schedule for #OSSummit + #EmbeddedLinux Conference NA! 🎤I’ll be presenting: "StageX: Rebuilding Trust Through Multi-Signed, Full-Source Bootstrapped, and Reproducible Builds". Join me May 18-20 in Minneapolis!
Use code OSSNA for 20% off your pass. ✨ Get it here: https://bit.ly/3R3d8nb
RE: https://mastodon.social/@lobsters/116280125863583032
One of our maintainers, @zoef, makes a really strong visual case on the importance of Web of Trust especially in 2026
Lance R. Vick@nabeards Packages are just containerfiles so it is not hard to write them yourself in most cases: https://codeberg.org/stagex/stagex/src/branch/main/packages/core/curl/Containerfile
But file issues for things you want to see, or PRs if you get something building locally.
Need any help, drop into #stagex:matrix.org
Bioninformatician_next_doorI would like to Request for Review on our 1st version (v0.9 tag) of the #whitepaper on #stagex
I have prepared a Review template that could be used when you create an Issue.
The manuscript is in #latex and #pdf .
https://codeberg.org/stagex/whitepapers/src/branch/main/out/stagex.pdf
@civodul
@cbaines
@stefano
@samueljohnson
If you have someone in mind that would be interested to review it, please let me know!
Thank you in advance!
PS: The project is intended for use by highly technical security engineers at this time.
Well after quite some months a new release has landed on main branch with git commit: https://codeberg.org/stagex/stagex/commit/f33076ccbcf484eee52cc6994a96dfa89a607b8c
With this release #StageX brings more freedom to everybody by using `natively` #llvm to build the complete tree (full source #bootstrapped and #reproducible as always), initializing the era of cross-compiling "easily" for any other CPU architecture.If that doesn't excites you, then get prepared for other even better things coming into the next release!
See you at #FOSSDEM26 for stickers!
With this release #StageX brings more freedom to everybody by using `natively` #llvm to build the complete tree (full source #bootstrapped and #reproducible as always), initializing the era of cross-compiling "easily" for any other CPU architecture.If that doesn't excites you, then get prepared for other even better things coming into the next release!
See you at #FOSSDEM26 for stickers!
@fasterthanlime
There is a #bounty of $1000 to solve for #reproducible #rust to build x86_64-linux-gnu libstd for rust 1.91 with #stagex and be able to compile a dynamically linked rust binary with it that runs on #Debian.
Would you be interested to take the challenge?
@fasterthanlime hmm, but what about stagex? :P
Dasharo@lrvick presents a focused look at #StageX, a minimal, fully bootstrapped, deterministic, multi-party-signed #Linux distribution for verifiable infrastructure. Existing "reproducible build" solutions often fall short when evaluated against stricter threat models, so StageX provides a container-native, fully bootstrapped, reproducible, and multi-signed toolchain aimed at delivering verifiable artifacts without exceptions.
Finally a post talking about #stagex !
If you like #security and #reproducible_builds
then have a look here:
https://quorum.tkhq.xyz/posts/reproducible-builds-made-easy-introducing-stagex/
Reproducible builds made easy: introducing StageX
This post is about Turnkey's journey with reproducible builds. We don't have a choice: our builds must be reproducible to secure TEE deployments and use remote attestations meaningfully. Unfortunately reproducible builds aren't easy out-of-the-box. We'll survey the landscape of existing options available to us, show our first attempt at reproducible builds, and explain why and how we've arrived at StageX: a new container-based, full-source-bootstrapped, reproducible, multi-party signed distro which simplifies reproducible builds considerably.