On Tue, 13 Dec 2022, Xin LI wrote:
> Using prebuilt binaries is not necessarily compromising security when done right. I think to ensure safety of these prebuilt binaries, we need to invest in e.g. making package builds reproducible (so an independent third party can audit and validate that the binaries are actually built from the source that they claimed to be when they want), ensure that the builders are safe, and sign the packages on the builders.

Reproducible builds, a packaged base and paid staff to maintain the vuxml db (and perhaps support for containerd and wakeonlan) would go a _long_ way towards getting FreeBSD back onto the short list of popular server operating systems. Alas, none of these seems to be a priority for the Board.

Roger Marquis