Latest posts

In this article, I showcase a method to leverage reproducible builds to build trust in untrusted release assets. I claim that this method would have detected the 2024 xz backdoor attack.

How reproducible is NixOS? In this article I describe the results of a research work studying the evolution of bitwise reproducibility over time in the NixOS distribution, from 2017 to 2023.