Two Ways to Trustworthy
A comparison of two Free Software distributions that strive to be trustworthy, Debian and GNU Guix.
This talk delves into how each project approaches fundamental security features, such as Reproducible Builds, Bootstrappable Builds and code auditability, to improve trustworthiness by allowing independent verification; trustworthy projects require little to no trust.
Exploring the challenges that each project faces due to very different technical architectures, but also contextually relevant differences in social structure, adoption patterns, and organizational history should provide a good backdrop to understand how different approaches to security might evolve, with real-world merits and downsides.
Presenters
Vagrant Cascadian
Vagrant is a free software developer involved in the Debian and GNU Guix projects, a system administrator for an ARM build farm for Reproducible Builds, and gets thrown around repeatedly as a hobby. You can find vagrant on social networks such as the OpenPGP web of trust and various bug tracking systems!