[rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Bernhard M. Wiedemann
TLDR: The goal of reproducible builds is to reduce the likelihood of running software that was corrupted (during build). At https://etherpad.opensuse.org/p/reproduciblebuilds-goal I added a small FAQ around it. You are welcome to contribute there with refinements or extra questions+answers (becaus

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Orians, Jeremiah (DTMB)
> TLDR: > The goal of reproducible builds is to reduce the likelihood of running > software that was corrupted (during build) Absolutely correct. For those that worry about the trusting trust attack, we have bootstrappable builds #bootstrappable on freenode (irc) https://bootstrappable.org/ -Je

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Arnout Engelen
On Mon, Dec 9, 2019 at 2:39 PM Bernhard M. Wiedemann wrote: > TLDR: > The goal of reproducible builds is to reduce the likelihood of running > software that was corrupted (during build) I agree this is the primary/ultimate goal. As a software developer, I have a closely related but somewhat smal

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Santiago Torres-Arias
On Mon, Dec 09, 2019 at 01:44:11PM +, Orians, Jeremiah (DTMB) wrote: > > TLDR: > > The goal of reproducible builds is to reduce the likelihood of running > > software that was corrupted (during build) > > Absolutely correct. > For those that worry about the trusting trust attack, we have boot

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Orians, Jeremiah (DTMB)
> I'm not absolutely convinced that reproducible builds does not help with the > trusting trust attack. Well one wouldn't want to help the trusting trust attack, one tries to defend one's self against it > It all boils down as to where did a backdooring compiler come from, and how > is it back

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Santiago Torres-Arias
On Mon, Dec 09, 2019 at 03:08:28PM +, Orians, Jeremiah (DTMB) wrote: > > I'm not absolutely convinced that reproducible builds does not help with > > the trusting trust attack. > Well one wouldn't want to help the trusting trust attack, one tries to defend > one's self against it If you squ

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread Bernhard M. Wiedemann
On 09.12.19 at 16:50, Santiago Torres-Arias wrote: >>> It all boils down as to where did a backdooring compiler come from, and how >>> is it backdooring the build. >> Backdooring a compiler can be as simple as adding an optimization without >> fully understanding the impact >> (See GCC optimizat

[rb-general] Please review the draft for November's report

2019-12-09 Thread Chris Lamb
Hi all, Please review the draft for November's Reproducible Builds report: https://salsa.debian.org/reproducible-builds/reproducible-website/blob/master/_reports/2019-11.md I intend to publish it no earlier than: $ date -d 'Thu, 12 Dec 2019 14:30:00 +' https://time.is/compare/1430_1

Re: [rb-general] What is the goal of reproducible builds?

2019-12-09 Thread kpcyrd
I personally joined the project because I'm interested in independent verification of binaries, from the point of view as both a publisher and a user of binaries. While I think the other efforts are very valid and important as well and efforts building on top of each other, I'd rather keep this pr

Re: [rb-general] progress in rpm and openSUSE in 2019

2019-12-09 Thread Eli Schwartz
On 11/30/19 8:20 AM, Holger Levsen wrote: >> We added a pip install macro to handle python's wheel (.whl) files >> without creating unreproducible .pyc files >> https://bugzilla.opensuse.org/show_bug.cgi?id=1094323 > > wow, cool, that might be something for Archlinux...! I don't believe this is r