Skip to content

Commit

Permalink
Reproducible verification build blog
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrew Leonard <[email protected]>
  • Loading branch information
@andrew-m-leonard
andrew-m-leonard committed Aug 9, 2024
1 parent ac5f742 commit 07763f9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion content/blog/adoptium-reproducible-verification-builds/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ tags:
A third-party reproducible verification build is a re-build of an official software product release, built purely from upstream sources and
securely obtained and verified tooling, in a secure and well defined build environment. Its purpose is to help maintain trust in the supply chain
by providing a mechanism for independent verification of the software integrity of the official releases. The trust of the supply chain is very
important from the perspective of ensuring no vulnerabilities or malware affect the offocial releases software.
important from the perspective of ensuring no vulnerabilities or malware affect the released software.

An important aspect for performing an
independent reproducible build is the security and source of the build environment. The upstream product sources, build scripts and toolchain
Expand Down

0 comments on commit 07763f9

Please sign in to comment.