Enough time has passed that I feel like I can share my (possibly controversial) perspective on software supply chain security without it seeming reactive or opportunistic:

@kyle Good article but bootstrapping wasn't mentioned. The Guix developers have made good progress on this:

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml