Would this move by Debian, requiring byte-for-byte reproducible builds, have caught any real-world supply chain attacks seen in the past?
https://itsfoss.com/news/debian-makes-reproducible-builds-mandatory/
@dangoodin it would not have caught the xz attack. But is the point of reproducible builds more about consistency and reliability than security?