Debaudit is a newly announced set of tools for verifying the integrity and reproducibility of Debian source packages. It consists of three components: upstream2orig (verifies upstream tarballs match original source), git2dsc (verifies source packages from Vcs-Git match the Debian archive), and git2orig (verifies tarballs generated from repositories match archive tarballs). The project aims to secure the software supply chain used to build Debian binary packages by ensuring source code hasn't been maliciously altered during packaging.
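The kind of check upstream2orig is described as performing, sketched as an added example (this is not Debaudit's code): two tarballs are compared file by file on content hashes, so differences in compression or top-level directory name do not matter. The function names are hypothetical, the sample tarballs are constructed, and each tarball is assumed to have a single top-level directory.

```python
import hashlib
import io
import tarfile


def tree_digests(tar_bytes):
    """Map each regular file's path (top-level directory stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Assumption: one top-level directory, whose name may differ
            # between the upstream release and the archive's orig tarball.
            rel = member.name.split("/", 1)[-1]
            digests[rel] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return digests


def compare_tarballs(upstream, orig):
    """Return files removed from, added to, or changed in orig relative to upstream."""
    up, og = tree_digests(upstream), tree_digests(orig)
    return {
        "removed": sorted(set(up) - set(og)),
        "added": sorted(set(og) - set(up)),
        "changed": sorted(p for p in set(up) & set(og) if up[p] != og[p]),
    }


def make_tarball(top, files, compression=""):
    """Build a constructed sample tarball in memory ("" = uncompressed, "gz" = gzip)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:" + compression) as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{top}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data: a clean repack and one with altered contents.
FILES = {"configure": b"#!/bin/sh\n", "src/main.c": b"int main(void){return 0;}\n"}
UPSTREAM = make_tarball("demo-1.0", FILES, "gz")
ORIG_OK = make_tarball("demo_1.0.orig", FILES)
ORIG_BAD = make_tarball("demo_1.0.orig", {**FILES, "configure": b"#!/bin/sh\necho extra\n",
                                          "m4/extra.m4": b"dnl not in upstream\n"})

if __name__ == "__main__":
    print(compare_tarballs(UPSTREAM, ORIG_OK))
    print(compare_tarballs(UPSTREAM, ORIG_BAD))
```

A non-empty result is a prompt for review of the listed paths, since the comparison only shows that the two trees differ.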