LI_S02E47_Tied_up_and_shackled

Linux Inlaws

The Linux Inlaws and Linux Inlaws에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 The Linux Inlaws and Linux Inlaws 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

2M ago

MP3•에피소드 홈

Tied up, shackled and then some: In contrast what you may be thinking after this intro, in this episode Martin and Chris take a closer look at an obscure concept known not only in esoteric circles as the software supply chain (chain being the keyword here). Once only appreciated by the inner circle of a small group of level-eight magicians, this concepts has now entered mainstream and is considered instrumental not only in the area creating and maintaining large scale codebases possibly clocking up a few million lines of code. This especially becomes important when a codebase largely relies on FLOSS components commonly downloaded from the internet. Relying on these components may cause a security issue if not handled with caution as not only the recent xz-utils incident (where possibly a nation-state actor) managed to infiltrate a popular compression library virtually used everywhere. So if you're interested in the security of your builds and applications, this is another episode you don't want to miss.

Links

Left-pad incident: https://en.wikipedia.org/wiki/Npm_left-pad_incident
Lucene library: https://lucene.apache.org/core
Open source licenses episode (S01E36): https://archive.org/details/hpr3399
SBOMs: https://about.gitlab.com/blog/the-ultimate-guide-to-sboms
XZ Utils backdoor: https://en.wikipedia.org/wiki/XZ_Utils_backdoor
OpenSSF's tools (not just SBOMs): https://openssf.org/projects
Autotools: https://www.gnu.org/software/automake/manual/html_node/Autotools-Introduction.html
SPDX: https://spdx.dev
CycloneDX: https://cyclonedx.org
valkey-search: https://github.com/valkey-io/valkey-
Thunderbolts: https://www.marvel.com/movies/thunderbolts