Hacker News

ATechGuy 04/02/2025

Sounds promising. How do you propose we create "hardened" projects?


Replies

pabs3 04/03/2025

For supply-chain security, you need basically two things: 1) audit all the source code, 2) build the source code (almost) without using any binaries.

The CREV folks are working on distributed code review, and the Bootstrappable Builds folks are working on building an entire Linux distro without any existing binaries, starting from an MBR worth of commented machine code.

https://github.com/crev-dev/

https://bootstrappable.org/

https://lwn.net/Articles/983340/