Twelve Step TrustABLE IT : VLSBs in VDNZs From TBAs
Posted Jan 7, 2026 23:19 UTC (Wed) by NZheretic (guest, #409)
Parent article: European Commission issues call for evidence on open source
From over two decades ago: Twelve Step TrustABLE IT: VLSBs in VDNZs From TBAs
Twelve Step TrustABLE IT:
Virtualized Linux Standard Base (VLSB)
in Virtual Demilitarized Network Zones (VDNZ)
from Trusted Build Agents (TBA)
Since 2004, the Linux Standard Base has been abandoned, somewhat replaced by the three de facto standard Debian, Red Hat & Arch Linux distribution clone/compatibility & containerization under Docker/Podman & Flatpak etc.
[12] Governments, organizations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existence of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a trusted third party, separate from the application developer, who is tasked with maintaining a trusted build environment, to build the binaries from source code. The Trusted Build Agent (TBA) would hold the source to each build in escrow, releasing the source code for only open source licensed code. Competing businesses providing a TBA service in a free market would compete with each other in not only price and level of certification, but also on the ability to detect hostile, vulnerable, incompatible or just plain buggy source code. You could request a trusted build from multiple TBAs to test the ability to detect defects. Defects would be reported back to the application developers, along with any patches and suggestions that provide a fix. To a lesser extent, most Linux distributions and other operating system vendors that build and redistribute open source licensed code already provide this role.
Using Debian's Reproducible builds set of software development practices, the Trusted Build Agent compilations can be verified.
Given the widespread adoption of container-based deployment for backends & services, such as Docker & Podman, backend deployments could also undergo such inspection & rebuild by Trusted Build Agents as well.
From two years earlier: Our Data: an appeal - a "Plimsoll line" for apps
The onus is not only on the automotive industry itself but also on the users. Most countries require that all automobiles undergo regular inspection and maintain an up to date "Warrant of Fitness". In the same way, if you want a secure IT infrastructure, eventually the software design, implementation and each deployment will have to undergo the same type of regulation and scrutiny.
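
The multi-TBA cross-check described in the comment above (request a build from several Trusted Build Agents and verify the results through reproducible builds) can be sketched as follows. This is an added example, not part of the original comment or of any Debian tooling; the TBA names, the quorum rule and the byte strings standing in for binaries are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Verdict:
    accepted: bool         # shipped binary reproduced by >= quorum TBAs
    agreeing: List[str]    # TBAs whose rebuild is bit-identical to it
    dissenting: List[str]  # TBAs whose rebuild differs
    dissent_digests: int   # distinct digests among the dissenting rebuilds


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def cross_check(shipped: bytes, tba_builds: Dict[str, bytes], quorum: int) -> Verdict:
    """Compare the developer's shipped binary with independent TBA rebuilds."""
    if not 1 <= quorum <= len(tba_builds):
        raise ValueError("quorum must be between 1 and the number of TBAs")
    by_digest = defaultdict(list)
    for name, blob in tba_builds.items():
        by_digest[sha256_hex(blob)].append(name)
    agreeing = sorted(by_digest.pop(sha256_hex(shipped), []))
    dissenting = sorted(n for names in by_digest.values() for n in names)
    return Verdict(len(agreeing) >= quorum, agreeing, dissenting, len(by_digest))


if __name__ == "__main__":
    good = b"constructed-binary-v1"  # constructed sample data, not real builds
    # One TBA's toolchain embeds a timestamp, so its output is not reproducible.
    print(cross_check(good, {"tba-a": good, "tba-b": good,
                             "tba-c": good + b"|built-at=1700000000"}, quorum=2))
    # All TBAs agree with each other but not with what the developer shipped.
    print(cross_check(good + b"|extra", {"tba-a": good, "tba-b": good,
                                         "tba-c": good}, quorum=2))
```

As a rule of thumb in this sketch, a rejected binary with a single dissenting digest shared by every TBA suggests the shipped binary does not correspond to the escrowed source, while several distinct dissenting digests suggest the build itself is not yet reproducible.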
