Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Or source-based distros (and equivalently source-based distros with reproducible builds & a binary cache of build artifacts with a package manager that checks the resulting hash matches the expected value).

Of course source can still be compromised, say by malicious dependencies. But it's better than source and binaries being compromisable.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: