Reproducible Builds
reproducible-website
Compare revisions
2f626b72895299c2f3771e21280eb4451aac862a...c753c61a1ab38b7ed8878cb4a3c0632bab6d5fbe
Commits (2)
Misc cosmetic changes.
· 31064767
Chris Lamb
authored
Apr 26, 2022
31064767
Publish.
· c753c61a
Chris Lamb
authored
Apr 26, 2022
c753c61a
_posts/2022-04-2
5
-supporter-spotlight-google-open-source-security-team.md
→
_posts/2022-04-2
6
-supporter-spotlight-google-open-source-security-team.md
View file @
c753c61a
---
layout
:
post
title
:
"
Supporter
spotlight:
Google
Open
Source
Security
Team
(GOSST)"
date
:
2022-04-2
5
10:00:00
date
:
2022-04-2
6
10:00:00
categories
:
org
draft
:
true
---
[
](https://security.googleblog.com/)
...
...
@@ -43,7 +42,7 @@ making the open source software that everyone relies on more secure.
Meder: The range of initiatives that the team is involved in recognizes the
diversity of the ecosystem and unique challenges that projects face on their
security journey. For example, our sponsorship of
[
sos.dev
](
http://sos.dev/
)
security journey. For example, our sponsorship of
[
*
sos.dev
*
](
http://sos.dev/
)
ensures that developers are rewarded for security improvements to open source
projects, whilst the long term work on improving
[
Linux kernel security
](
http://sec.org/wiki/index.php/Kernel_Self_Protection_Project
)
...
...
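Review bot: the sos.dev link on the changed line still points at plain HTTP (http://sos.dev/), and so does the Linux kernel security link in the trailing context. The link line is already being rewritten to italicise its text, so this is a good moment to switch both to https:// where the hosts serve it. Readers of a security-focused post should not be sent over an unauthenticated connection.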
@@ -85,8 +84,9 @@ to their near-universal adoption; users do not download and compile their own
software anymore. GOSST is starting to work with package managers to explore
ways to collaborate together on improving the state of the supply chain and
helping package maintainers and application developers do better… all with the
understanding that many open source projects are developed in spare time as a hobby!
Solutions like
[
this
](
https://security.googleblog.com/2022/04/improving-software-supply-chain.html
)
,
understanding that many open source projects are developed in spare time as a
hobby!
[
Solutions like this
](
https://security.googleblog.com/2022/04/improving-software-supply-chain.html
)
,
which are the result of
[
collaboration between GOSST and GitHub
](
https://github.blog/2022-04-07-slsa-3-compliance-with-github-actions/
)
,
are very encouraging as they demonstrate a way to materially strengthen
software supply chain security with readily available tools, while also
...
...
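Review bot: the new link text on the changed lines, "Solutions like this", is longer than the old "this" but still does not say what the security.googleblog.com link is about. Consider anchor text that names the target post instead, so the sentence is readable without following the link. Please also check that the re-wrapped sentence still reads correctly with the comma that follows the link, before "which are the result of".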
@@ -120,8 +120,8 @@ make reproducibility part of everyone's software consumption practices.
[
](https://security.googleblog.com/)
**
Chris:
I
f someone wanted to know more about GOSST or follow the team's
work,
where might they go to look?
**
**
Chris:
So i
f someone wanted to know more about GOSST or follow the team's
work,
where might they go to look?
**
Meder: We post regular updates on
[
Google's Security Blog
](
https://security.googleblog.com/
)
and on the
[
Linux hardening mailing list
](
https://lore.kernel.org/linux-hardening/
)
.
...
...
images/news/supporter-spotlight-gosst/gosst.png
View replaced file @
2f626b72
View file @
c753c61a
24 KB
24 KB