by shakna
1681 days ago
Distributions like Debian are _highly_ aware of supply chain attacks. That's one of the key reasons for projects like Reproducible Builds [0] and rekor [1] existing. So yes, distributions are carefully curated, with a large team of experts vetting the system in a huge number of ways, and are always looking to improve upon them. Because attackers are actively attempting to compromise major distributions.

[0] https://wiki.debian.org/ReproducibleBuilds

[1] https://lwn.net/Articles/859965/