I have a concept for a two-part article that I wish to share with you. Put simply, it’s about the Web of Trust: how can a user know that Fedora is secure, and how can people help each other keep Fedora secure? It will be a two-part article because I want to cut it up into a conceptual part and a simple tutorial.
Article one: Explaining the concept (~1400 words)
- What is compilation and why does it matter
- Why must code be open source for security
- Fedora systems in place (Koji, Bodhi)
Article two: Giving a simple tutorial (~1200 words)
- How to extract hashes from an installed app
- How to rebuild a popular application
- How to compare results
- What to do when results don’t match
The first part will be more wordy, explaining FLOSS and why FLOSS helps you and others stay secure. The second part will be hands-on, to the point that users can compare hashes and check out the project source.
For the tutorial, I wanted to use Flatpak because it’s easier, but I can understand that some of you have different feelings on that. There is already an article about compiling RPM files, so I will make sure to link to that too.
Let me know what you think,
PS. Thanks for moving to Discourse, I never got mailing lists to work properly!