Heya, Jan Nieuwenhuizen <jann...@gnu.org> skribis:
> Mes has now been ported to M2-Planet and can be bootstrapped using > stage0-posix[0], starting from the 357-byte hex0 binary of the > bootstrap-seeds[1], as was promised at FOSDEM'21[2]. This is amazing… congrats to you & everyone involved! You made it! :-) The ability to build literally everything from source, with reproducible builds, is a game changer IMO when it comes to supply chain security. The common objection is: “you’re building from source but you’re not gonna audit all that source code anyway, so why bother?” I think it’s akin to security by obscurity. That we collectively can and do fiddle with all this code makes a practical difference; that this is all transparent means that backdoors become harder to hide. Supply chain security is a spectrum and I think this achievement changes what we can expect and demand. Ludo’.