Enough time has passed that I feel like I can share my (possibly controversial) perspective on software supply chain security without it seeming reactive or opportunistic: https://puri.sm/posts/the-future-of-software-supply-chain-security/
Enough time has passed that I feel like I can share my (possibly controversial) perspective on software supply chain security without it seeming reactive or opportunistic: https://puri.sm/posts/the-future-of-software-supply-chain-security/
@kyle Good article but bootstrapping wasn't mentioned. The Guix developers have made good progress on this: http://guix.gnu.org/en/blog/2020/guix-further-reduces-bootstrap-seed-to-25/