[Dev] Fwd: First Reproducible Builds Summit

fauno fauno at endefensadelsl.org
Wed Dec 9 12:37:21 GMT 2015



-------------------- Start of forwarded message --------------------
Date: Wed, 9 Dec 2015 07:11:06 -0300
From: <bread at ponape.com.ar>
Subject: First Reproducible Builds Summit

First Reproducible Builds Summit


I was just in Athens for the [Reproducible Builds
Summit](https://reproducible-builds.org/events/athens2015/), an
[Aspiration](https://aspirationtech.org/)-run meeting focused on the
issues of getting all software builds to be reproducible. This means
that anyone starting with the same source code can build the *exact*
same binary, bit-for-bit. At first glance, it sounds like this horrible,
arcane detail, which it is really. But it provides tons of real benefits
that can save lots of time. And in terms of programming, it can actually
be quite fun, like doing a puzzle or sudoku, since there is a very clear
point where you have "won".

Here are some examples of real benefits:

-   makes it easy to ensure no malware was inserted into software during
    the build process (e.g. the XCodeGhost malware we just saw)
-   provides a QA tool to make sure that changes in the source code of a
    project produce only the expected results
-   allows F-Droid to use the developer's APK signature while still
    verifying that apps build from 100% free software
-   makes it possible to optimize and profile build processes while
    guaranteeing the results are exactly the same
-   for large projects, it can greatly speed up the build process (think
    rebuilding Gmail)

Represented there were: [Debian](https://www.debian.org), Google,
[FreeBSD](https://www.freebsd.org/), [Fedora](https://getfedora.org/),
[Homebrew](http://brew.sh/), [MacPorts](https://www.macports.org/),
[NetBSD](https://www.netbsd.org/), [Arch
[Coreboot](https://www.coreboot.org/), [OpenWRT](https://openwrt.org/),
and a bunch of other projects like an automotive Linux distro called
[Baserock](https://wiki.baserock.org/), the
[Guix](https://www.gnu.org/software/guix/) package manager, a Linux
distro called [NixOS](https://nixos.org/),
[Haskell](https://www.haskell.org/) hackers, etc.

The organizers are already planning a second meeting, probably in April
in Western Europe, and are looking to get more projects involved. Lots
of people were talking about how it would be great to get some Android
ROM developers involved. So if you are a contributor to CyanogenMod,
Copperhead, [OmniROM](https://omnirom.org/),
[Replicant](http://www.replicant.us/), Blackphone, etc. and would be
interested in attending, please let us know!
-------------------- End of forwarded message --------------------