Julien Malka aka Luj

PhD Student in Software Supply Chain Security

PhD student at the Polytechnic Institute of Paris researching software supply chain security. Former theoretical CS student at École Normale Supérieure. NixOS Steering Committee member and contributor, working on unattended boot security and maintaining a Proxmox port on NixOS. FOSS enthusiast running a hyper-converged, highly available home cluster. Interested in putting digital skills in the service of the public good.

Available for freelance work in software security, NixOS, or infrastructure projects.

Writing

Latest2026·1 min

Lila: Decentralized Build Reproducibility Monitoring for the Functional Package Management Model

Authors: J. Malka, A. Engelen Venue: MSR 2026 Award: MSR 2026 FOSS Award Preprint: arXiv:2601.20662 Abstract Ensuring the integrity of software build artifacts is an increasingly important concern for modern software engineering, driven by increasingly sophisticated attacks on build systems, distribution channels, and development infrastructures. Reproducible builds – where binaries built independently from the same source code can be verified to be bit-for-bit identical to the distributed artifacts – provide a principled foundation for transparency and trust in software distribution. Despite their potential, the large-scale adoption of reproducible builds faces two significant challenges: achieving high reproducibility rates across vast software collections and establishing reproducibility monitoring infrastructure that can operate at very large scale. While recent studies have shown that high reproducibility rates are achievable at scale – demonstrated by the Nix ecosystem...

Notes21

Browse all notes →