Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification - Slashdot

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts. It includes automation to derive declarative build definitions, new "build observability and verification tools" for security tea...