Security research by day | Arch Linux security by night | reprobuilds + open source enthusiast and overall security person

For the last 6 months, my team at @trailofbits has been working with Alpha-Omega and @openssf to bring build provenance to @homebrew.

Today, I'm pleased to announce that our work is in public beta! Read about our design and how you can verify homebrew-core’s bottles:

https://blog.trailofbits.com/2024/05/14/a-peek-into-build-provenance-for-homebrew/

A peek into build provenance for Homebrew

By Joe Sweeney and William Woodruff Last November, we announced our collaboration with Alpha-Omega and OpenSSF to add build provenance to Homebrew. Today, we are pleased to announce that the core o…

Trail of Bits Blog
NixOS is not reproducible

Okay, sorry for the clickbait. NixOS is not reproducible according to the Reproducible Builds definition. I keep reading people making this claim repeatedly on orange-site; even LWN.net made a similar claim when writing about Nix and Guix earlier this week [1], along with their recently launched wiki. So, what is the Reproducible Builds definition? [2] When is a build reproducible? A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.

Morten Linderud

Is the Xwitter logo even hidpi? It renders like shit lmao

*checks, it's vector*

Oh...


Arch Linux in May 2023

Staff

We would like to welcome Anton Hvornum (torxed) and Christian Heusel (gromit) among the Arch Linux Package Maintainers. On top of that, we would like to welcome Leonidas Spyropoulos (artafinde) to their new additional duties as Arch Linux Developer.

Git packaging

We are thrilled to announce the successful migration of our packaging ecosystem to Git, with package sources now accessible on GitLab. As part of this transition, we have developed a powerful new tool called pkgctl, available through devtools, offering a user-centric design and streamlined user experience for interacting with all aspects of Arch Linux packaging for users and packagers alike.

It's been 24 hours and I see no Apple version of this.

What's going on?

Dependencies, dependencies, dependencies. Each one can bring other dependencies, and this makes understanding the software supply chain as difficult as understanding the universe. We now have a telescope for this: GUAC, a project that has been in development for nearly a year and now reaches its v0.1 release. Find more on Google's security blog and come and join us in solving large swaths of supply chain problems/questions: https://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html
Announcing the launch of GUAC v0.1

Brandon Lum and Mihai Maruseac, Google Open Source Security Team Today, we are announcing the launch of the v0.1 version of Graph for Unders...

The first-stable release of sigstore-python is out!!

https://blog.trailofbits.com/2023/01/13/sigstore-python/

Announcing a stable release of sigstore-python

By William Woodruff Read the official announcement on the Sigstore blog as well! Trail of Bits is thrilled to announce the first stable release of sigstore-python, a client implementation of Sigsto…

Trail of Bits Blog
@dalias
There is more stuff here, but the sigstore paper also has a great number of relevant citations, as @sangy has been working on this for a very long time :)

Hello Fediverse!

This account will post announcements from the Reproducible Builds project (https://reproducible-builds.org) as found on the birdsite, but will also boost Mastodon content related to the topic.

Happy to meet you all!

#introduction #intro

Reproducible Builds — a set of software development practices that create an independently-verifiable path from source to binary code

The first thing that happens after your consciousness is uploaded to the matrix is you see an AWS-themed dialog asking you to pick an availability zone.