Remix clone Hacker News

I believe that FOSS maintainers can gain financial independence and sustain their projects by "selling" hardened FOSS projects (think supply-chain security assurance) to consumers. I'm working on enabling this. DM me if interested.

▲

ATechGuy 2 days ago | parent [-]

Sounds promising. How do you propose we create "hardened" projects?

	▲	pabs3 a day ago \| parent [-]
		For supply-chain security, you need basically two things; 1) audit all the source code 2) build the source code (almost) without using any binaries. The CREV folks are working on distributed code review, and the Bootstrappable Builds folks are working on building an entire Linux distro without any existing binaries, starting from an MBR worth of commented machine code. https://github.com/crev-dev/ https://bootstrappable.org/ https://lwn.net/Articles/983340/