Conservancy/2023.fossy.us
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2023.fossy.us/schedule/presentation/118/index.html
Ben Sturmfels d4159fe51a
Initial wget mirror of https://2023.fossy.us 
Ran:

wget --mirror --convert-links --adjust-extension --page-requisites --no-parent https://2023.fossy.us/
2024-03-05 22:40:56 +11:00

298 lines
10 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>FOSSY 2023 | Presentation: Breaking the Chains of Trusting Trust: Reproducible Builds and More!</title>
<meta property="og:type" content="website" />
<link rel="icon" href="../../../static/build/img/favicon.ico" />
<!-- Cards -->
<meta property="og:title" content="FOSSY 2023 | Presentation: Breaking the Chains of Trusting Trust: Reproducible Builds and More!">
<meta property="og:description" content="" />
<meta property="og:url" content="https://2023.fossy.us/schedule/presentation/118/">
<meta name="twitter:site" content="@conservancy">
<meta name="twitter:image:alt" content="FOSSY 2023 | Presentation: Breaking the Chains of Trusting Trust: Reproducible Builds and More!" />
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://2023.fossy.us/static/build/img/conservancy_logo_tall_mono.png" />
<meta property="og:image" content="https://2023.fossy.us/static/build/img/conservancy_logo_tall_mono.png" />
<meta property="og:image:width" content="400" />
<meta property="og:image:height" content="400" />
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.6.3/css/all.css" integrity="sha384-UHRtZLI+pbxtHCWp1t77Bi1L4ZtiqrqD80Kn4Z8NTSRyMA2Fd33n5dQ8lWUE00s/" crossorigin="anonymous">
<link rel="stylesheet" href="https://unpkg.com/tachyons@4.12.0/css/tachyons.min.css">
<link href="../../../static/build/scss/app.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
var CONF_TZ = "US/Pacific";
</script>
</head>
<body class="">
<header class="clearfix d-print-none">
<nav class="navbar navbar-expand-lg navbar-dark" style="background: rgb(19,119,82); background: linear-gradient(124deg, rgba(19,119,82,1) 0%, rgba(19,106,119,1) 100%); margin-bottom: 1rem">
<div class="container">
<h2 class="sans-serif f2 f1-ns b lh-solid tracked-tight mv0 mr3">
<a class="washed-yellow hover-washed-yellow" href="../../../index.html" style="text-decoration: none">
FOSSY 2023
</a>
</h2>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarText" aria-controls="navbarText" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarText">
<ul class="navbar-nav mr-auto">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="index.html#" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
About
</a>
<div class="dropdown-menu">
<a class="dropdown-item " href="../../../about/index.html">About FOSSY</a>
<a class="dropdown-item " href="../../../travel/index.html">Travel and Lodging</a>
<a class="dropdown-item " href="../../../conventioncenter/index.html">Oregon Convention Center</a>
</div>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="index.html#" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Attend
</a>
<div class="dropdown-menu">
<a class="dropdown-item " href="../../../dashboard.html">Dashboard</a>
<a class="dropdown-item " href="../../../attend/tickets/index.html">Tickets</a>
<a class="dropdown-item " href="../../../attend/volunteer/index.html">Volunteer</a>
<a class="dropdown-item " href="../../../events/index.html">Events</a>
<a class="dropdown-item " href="../../../attend/code-of-conduct.html">Code of Conduct</a>
<a class="dropdown-item " href="../../../attend/health-and-safety/index.html">Health and Safety</a>
<a class="dropdown-item " href="../../../attend/terms-and-conditions/index.html">Terms and Conditions</a>
<a class="dropdown-item " href="https://sfconservancy.org/privacy-policy/">Privacy policy</a>
</div>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="index.html#" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Program
</a>
<div class="dropdown-menu">
<a class="dropdown-item " href="../../index.html">Schedule</a>
<a class="dropdown-item " href="../../../pages/tracks.html">Tracks</a>
<a class="dropdown-item " href="../../../call-for-proposals/index.html">Proposals</a>
</div>
</li>
<li class="nav-item ">
<a class="nav-link" href="../../../sponsorship/index.html">
Sponsorship
</a>
</li>
</ul>
</div>
</div>
</nav>
</header>
<main role="main" class="container">
<div class="row">
<div class="col page-header">
<h1 class="page-title">Breaking the Chains of Trusting Trust: Reproducible Builds and More!</h1>
<p class="lead">
E148 | <span class="presentation-time" data-starttime="2023-07-16T14:00:00" data-endtime="2023-07-16T15:00:00">Sun 16 Jul 2 p.m.&ndash;3 p.m.</span>
</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
</div>
</div>
<div class="row presentation-details">
<div class="col-md-3">
<h2 class="mt-4">Presented by</h4>
<ul class="list-unstyled">
<li class="mb-4 pb-2">
<img src="https://secure.gravatar.com/avatar/f3de796d6473451dfc362d3e5e0a250b?s=120&amp;d=mp" alt="Vagrant Cascadian" class="rounded-circle img-fluid">
<p>
<strong><a href="../../../speaker/profile/61/index.html">Vagrant Cascadian</a></strong><br />
<a href="https://www.aikidev.net">https://www.aikidev.net</a>
</p>
<div class="bio">Vagrant strives to make Reproducible Builds a best practices reality for everyone. Vagrant discovered free software late last millenia and has been contributing to free software since the beginning of this millenia. A long-time Debian Developer and contributor to Guix, tinkering with ARM and RISC-V systems. At Portland's Free Geek, Vagrant dove into life as a free software developer, rebuilding electronic waste with FOSS, modifying or developing new software as needed. That led to exciting work helping coordinate LTSP development shared between several different operating systems. That sense of open collaboration has been a life-long habit. Vagrant contrasts spending too much time on computers with bicycle commuting, aikido and a DIY solar hobby.</div>
</p>
</li>
</ul>
</div>
<div class="col-md-9 presentation-abstract">
<h2 class="mt-4">Abstract</h4>
<div class="abstract pb-4"><p>Corrupted build environments can deliver compromised cryptographically
signed binaries. Several exploits in in critical supply chains have
been demonstrated in recent years, proving that this is not just
theoretical. The most well secured build environments are still single
points of failure when they fail.
In 1984, Ken Thompson presented "Reflections on trusting trust" which
described an attack on a build toolchain that would be impossible to
detect through source code review ... in the decades since, what has
been done to actually mitigate these types of attacks?
Work in the Reproducible Builds and Bootstrappable Builds communities
has been progressing steadily in recent years, and can be used to
significantly reduce the risks of "Trusting Trust" and other supply
chain attacks, by making it possible to independently review not only
the end result, but the entire toolchain used to build a given
artifact.
This talk will focus on the state of the art from several angles in
related Free and Open Source Software projects, what works, current
challenges and future plans for building trustworthy toolchains you do
not need to trust.
<a href="https://reproducible-builds.org" rel="nofollow">https://reproducible-builds.org</a>
<a href="https://bootstrappable.org" rel="nofollow">https://bootstrappable.org</a></p></div>
</div>
</div>
<script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
<script src="../../../static/build/js/app.js" type="text/javascript"></script>
<script src="../../../static/build/js/jquery.formset.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="../../../static/build/bootstrap/js/bootstrap.bundle.min.js"></script>
<!--no-analytics-->
<script src="../../../static/build/js/luxon.min.js"></script>
<script src="../../../static/build/js/schedule.js" type="text/javascript"></script>
</main>
<footer class="footer mt-4 d-print-none">
<div class="container py-4">
<div class="row">
<div class="col-md-12 pb-12 text-center" style="margin-top: 0px;margin-bottom: 0px;border-bottom-style: solid;border-bottom-width: 0px;padding-bottom: 20px;">Wifi: FOSSY <i>(see Registration for older wifi)</i><br/>PIN: outreachy1000</div>
</div>
<div class="row">
<div class="col-md-4 pb-4">
<strong>FOSSY 2023</strong> <br>
July 13-16 2023 <br>
Portland, OR<br>
Timezone: PDT - UTC-7 <br>
<a href="mailto:conference@sfconservancy.org" alt="Email"><i class="far fa-envelope"></i></a>&nbsp;&nbsp;<a
href="https://twitter.com/conservancy" alt="Twitter"><i class="fab fa-twitter"></i></a>&nbsp;&nbsp;<a
href="https://social.sfconservancy.org/conservancy" alt="Mastodon"><i class="fab fa-mastodon"></i></a>
</div>
<div class="col-md-4 pb-4 text-center">
<a href="https://sfconservancy.org"><img src="../../../static/build/img/conservancy_logo.svg" alt="Software Freedom Conservancy logo" class="footer-image"></a>
</div>
<div class="col-md-4 pb-4 text-right">
<small>
<a href="index.html#">Back to top</a><br>
&copy; 2023 <a href="https://sfconservancy.org/">Software Freedom Conservancy</a><br>
<a href="../../../credits/index.html">Credits</a>
</small>
</div>
</div>
</div>
</footer>
</body>
</html>
Reference in a new issue View git blame Copy permalink