What the src?!
This is a source code indexing project, ingesting the source code inputs of Linux distributions and showing which artifact is used by which package.
It aims to:
- Document where distros agree on source code
- Document where distros disagree on source code
- Highlight what source code we're actually putting into our computers (allegedly)
- Track high profile source code releases
  - Malware in a random npm package: we sleep
  - Malware in the whatsrc dataset: big oof
Because secure, decentralized naming systems are very hard, whatsrc refers to source code by a cryptographic hash of its tar representation, effectively addressing it by content.
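The sketch below illustrates addressing by tar content: the same tarball shipped as `.tar.gz` and `.tar.xz` gets one identifier, while a changed file gets a different one. It is an added example, not whatsrc's own code. SHA-256, the `sha256:` prefix, the single compression layer and the names `content_id`, `tar_bytes` and `build_sample_tar` are assumptions made for illustration.

```python
import bz2, gzip, hashlib, io, lzma, tarfile

# Magic bytes of common tarball compression wrappers (assumed set).
_DECOMPRESSORS = (
    (b"\x1f\x8b", gzip.decompress),       # gzip
    (b"\xfd7zXZ\x00", lzma.decompress),   # xz
    (b"BZh", bz2.decompress),             # bzip2
)

def tar_bytes(blob: bytes) -> bytes:
    """Strip one compression layer, if present, and return the raw tar stream."""
    for magic, decompress in _DECOMPRESSORS:
        if blob.startswith(magic):
            return decompress(blob)
    return blob

def content_id(blob: bytes) -> str:
    """Identify a source artifact by the hash of its tar representation."""
    raw = tar_bytes(blob)
    # Parse the headers so non-tar input is rejected (tarfile.ReadError).
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:") as tf:
        tf.getmembers()
    return "sha256:" + hashlib.sha256(raw).hexdigest()

def build_sample_tar(files: dict) -> bytes:
    """Constructed sample input: a deterministic in-memory tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), 0
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed data: one release in two compressions, plus a modified copy.
SAMPLE = build_sample_tar({"demo-1.0/main.c": b"int main(void){return 0;}\n"})
AS_GZ = gzip.compress(SAMPLE, mtime=0)
AS_XZ = lzma.compress(SAMPLE)
TAMPERED = build_sample_tar({"demo-1.0/main.c": b"int main(void){return 1;}\n"})

if __name__ == "__main__":
    for label, blob in (("tar.gz", AS_GZ), ("tar.xz", AS_XZ), ("tampered", TAMPERED)):
        # The file hash differs per compression; the content id does not.
        print(label, hashlib.sha256(blob).hexdigest()[:16], content_id(blob))
```

Hashing the decompressed stream means recompression does not change the identifier, but any difference in the tar bytes themselves (file contents, names, header metadata) does.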