[Enhancement] Make Apache Pulsar build reproducible to increase the security and integrity of the software supply chain #23477
Labels
type/enhancement
Search before asking
Motivation
Reproducible builds increase the security and integrity of the software supply chain. They allow verification that no vulnerabilities or backdoors have been introduced during the compilation process. This is particularly important for privacy and security-focused software like Apache Pulsar.
Solution
Implement reproducible builds for Apache Pulsar by:
Alternatives
No direct alternatives considered. Not implementing reproducible builds leaves the project more vulnerable to potential supply chain attacks.
Anything else?
This enhancement aligns with industry best practices and recommendations from security organizations like the NSA and CISA for improving software supply chain security.
Are you willing to submit a PR?