{"id":"https://openalex.org/W4392325061","doi":"https://doi.org/10.1145/3639478.3639806","title":"Increasing trust in the open source supply chain with reproducible builds and functional package management","display_name":"Increasing trust in the open source supply chain with reproducible builds and functional package management","publication_year":2024,"publication_date":"2024-04-14","ids":{"openalex":"https://openalex.org/W4392325061","doi":"https://doi.org/10.1145/3639478.3639806"},"language":"en","primary_location":{"id":"doi:10.1145/3639478.3639806","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3639478.3639806","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3639478.3639806","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3639478.3639806","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5093835702","display_name":"Julien Malka","orcid":"https://orcid.org/0009-0008-9845-6300"},"institutions":[{"id":"https://openalex.org/I12356871","display_name":"T\u00e9l\u00e9com Paris","ror":"https://ror.org/01naq7912","country_code":"FR","type":"education","lineage":["https://openalex.org/I12356871","https://openalex.org/I205703379","https://openalex.org/I4210145102"]},{"id":"https://openalex.org/I4210165912","display_name":"Laboratoire Traitement et Communication de l\u2019Information","ror":"https://ror.org/057er4c39","country_code":"FR","type":"facility","lineage":["https://openalex.org/I12356871","https://openalex.org/I205703379","https://openalex.org/I4210145102","https://openalex.org/I4210165912"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Julien Malka","raw_affiliation_strings":["LTCI, T\u00e9l\u00e9com Paris, Institut Polytechnique de Paris, France, Palaiseau, France"],"raw_orcid":"https://orcid.org/0009-0008-9845-6300","affiliations":[{"raw_affiliation_string":"LTCI, T\u00e9l\u00e9com Paris, Institut Polytechnique de Paris, France, Palaiseau, France","institution_ids":["https://openalex.org/I4210165912","https://openalex.org/I12356871"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5093835702"],"corresponding_institution_ids":["https://openalex.org/I12356871","https://openalex.org/I4210165912"],"apc_list":null,"apc_paid":null,"fwci":0.3223,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.46586324,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"184","last_page":"186"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9836999773979187,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9836999773979187,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9781000018119812,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9746000170707703,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.7719880938529968},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.7510521411895752},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6633158922195435},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.6062362194061279},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5675094723701477},{"id":"https://openalex.org/keywords/supply-chain-management","display_name":"Supply chain management","score":0.5507057905197144},{"id":"https://openalex.org/keywords/software-package","display_name":"Software package","score":0.4906260073184967},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.43484774231910706},{"id":"https://openalex.org/keywords/open-source-software","display_name":"Open source software","score":0.43199390172958374},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.37995317578315735},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.34887388348579407},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.20601630210876465},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11322769522666931},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.07430797815322876}],"concepts":[{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.7719880938529968},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.7510521411895752},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6633158922195435},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.6062362194061279},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5675094723701477},{"id":"https://openalex.org/C44104985","wikidata":"https://www.wikidata.org/wiki/Q492886","display_name":"Supply chain management","level":3,"score":0.5507057905197144},{"id":"https://openalex.org/C3020440742","wikidata":"https://www.wikidata.org/wiki/Q1176855","display_name":"Software package","level":3,"score":0.4906260073184967},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.43484774231910706},{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.43199390172958374},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.37995317578315735},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.34887388348579407},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.20601630210876465},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11322769522666931},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.07430797815322876}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3639478.3639806","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3639478.3639806","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3639478.3639806","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings","raw_type":"proceedings-article"},{"id":"pmh:oai:HAL:hal-04482192v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04482192","pdf_url":"https://hal.science/hal-04482192/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"46th International Conference on Software Engineering (ICSE 2024) - Doctoral Symposium (DS) Track, Apr 2024, Lisbonne, Portugal. &#x27E8;10.1145/3639478.3639806&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":{"id":"doi:10.1145/3639478.3639806","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3639478.3639806","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3639478.3639806","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4392325061.pdf"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W2103001366","https://openalex.org/W2148542607","https://openalex.org/W2170267084","https://openalex.org/W2949138297","https://openalex.org/W2954309769","https://openalex.org/W2963813732","https://openalex.org/W3009244602","https://openalex.org/W3046453918","https://openalex.org/W3155859537","https://openalex.org/W3156903202","https://openalex.org/W3161491624","https://openalex.org/W3208113910","https://openalex.org/W4223897634","https://openalex.org/W4226416841","https://openalex.org/W4283652455","https://openalex.org/W4379087932","https://openalex.org/W4384948741"],"related_works":["https://openalex.org/W4376877853","https://openalex.org/W1493891899","https://openalex.org/W4250928611","https://openalex.org/W166480398","https://openalex.org/W1612808768","https://openalex.org/W167327709","https://openalex.org/W1977393088","https://openalex.org/W4387839566","https://openalex.org/W4210922265","https://openalex.org/W2491403535"],"abstract_inverted_index":{"Functional":[0],"package":[1],"managers":[2],"(FPMs)":[3],"and":[4,10,23,42,52],"reproducible":[5],"builds":[6],"(R-B)":[7],"are":[8,13],"technologies":[9],"methodologies":[11],"that":[12,24],"conceptually":[14],"very":[15],"different":[16],"from":[17],"the":[18,38,45,48,56,64],"traditional":[19],"software":[20,29,49],"deployment":[21],"model,":[22],"have":[25],"promising":[26],"properties":[27],"for":[28],"supply":[30,50,67],"chain":[31,51],"security.":[32],"This":[33],"thesis":[34],"aims":[35],"to":[36,55,59],"evaluate":[37],"impact":[39],"of":[40,47],"FMPs":[41],"R-B":[43],"on":[44],"security":[46],"propose":[53],"improvements":[54],"FPM":[57],"model":[58],"further":[60],"improve":[61],"trust":[62],"in":[63],"open":[65],"source":[66],"chain.":[68]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-07T13:39:58.223016","created_date":"2025-10-10T00:00:00"}