Google launches OSS Rebuild
Date:
Tue, 22 Jul 2025 13:51:44 +0000
Description:
Google has announced the existence of OSS Rebuild, an infrastructure for the creation and
verification of reproducible builds of software projects. Our aim with OSS Rebuild is to empower the security community to
deeply understand and control their supply chains by making package
consumption as transparent as using a source repository. Our
rebuild platform unlocks this transparency by utilizing a
declarative build process, build instrumentation, and network
monitoring capabilities which, within the SLSA Build framework,
produces fine-grained, durable, trustworthy security metadata. [...] Our vision extends beyond any single ecosystem: We are committed to
bringing supply chain transparency and security to all open source
software development. Our initial support for the PyPI (Python),
npm (JS/TS), and Crates.io (Rust) package registriesproviding
rebuild provenance for many of their most popular packagesis just
the beginning of our journey.
======================================================================
Link to news story:
https://lwn.net/Articles/1030935/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)