11-08, 11:30–12:20 (US/Pacific), 332
A comparison of two Free Software distributions that strive to be
trustworthy, Debian and GNU Guix.
This talk delves into how each project approaches fundamental security
features through Reproducible Builds, Bootstrappable Builds, code
auditability, etc. to improve trustworthiness, allowing independent
verification; trustworthy projects require little to no trust.
Exploring the challenges that each project faces due to very different
technical architectures, but also contextually relevant differences in
social structure, adoption patterns, and organizational history should
provide a good backdrop to understand how different approaches to
security might evolve, with real-world merits and downsides.
Vagrant is a free software developer involved in the Debian and GNU Guix projects, a system administrator for an ARM build farm for Reproducible Builds, and gets thrown around repeatedly as a hobby. You can find vagrant on social networks such as the OpenPGP web of trust and various bug tracking systems!