Academic publications
- Trusting Trust - Reflections on Trusting Trust (1984) — Ken Thompson. (PDF)
- Fully Countering Trusting Trust through Diverse Double-Compiling (2005/2009) — David A. Wheeler (PDF, …)
- Functional Package Management with Guix (2013) — Ludovic Courtès. […]
- Reproducible and User-Controlled Software Environments in HPC with Guix (2015) — Ludovic Courtès, Ricardo Wurmus […]
- in-toto: Providing farm-to-table guarantees for bits and bytes (2019) — Santiago Torres-Arias, New York University; Hammad Afzali, New Jersey Institute of Technology; Trishank Karthik Kuppusamy, Datadog; Reza Curtmola, New Jersey Institute of Technology; Justin Cappos, New York University. (PDF)
- Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks (2020) — Marc Ohm, Henrik Plate, Arnold Sykosch, Michael Meier. (PDF)
- Automated Localization for Unreproducible Builds (2018) — Zhilei Ren, He Jiang, Jifeng Xuan, Zijiang Yang. (PDF)
- Reproducible Containers (2020) — Navarro Leija, Omar S. and Shiptoski, Kelly and Scott, Ryan G. and Wang, Baojun and Renner, Nicholas and Newton, Ryan R. and Devietti, Joseph. (…)
- Towards detection of software supply chain attacks by forensic artifacts — Marc Ohm, Arnold Sykosch, Michael Meier. (Link)
- Automated Localization for Unreproducible Builds — Zhilei Ren, He Jiang, Jifeng Xuan & Zijiang Yang. (PDF)
Content licensed under CC BY-SA 4.0, style licensed under MIT.