Hello everyone,
It looks like reproducibility is not only a means of protection against
supply chain attacks, but also an important prerequisite for producing
trustable binaries in general.
It is crucial e.g. when the amount of a priori trust in computer systems
is to be reduced by use of
On 23/11/2023 17.53, Ludovic Courtès wrote:
The implementations are also very different: for instance, Chez
implements a native ahead-of-time compiler whereas Guile has bytecode
compilation plus just-in-time compilation. Thus problems and solutions
for one implementation are unlikely to
Hello Bernhard,
"Bernhard M. Wiedemann via rb-general"
skribis:
> in openSUSE there are some packages that so far refuse to build
> reproducibly. The common theme around them is that they use scheme or
> lisp to produce binaries with a 'dump' command.
I think this practice is vanishing. For
Hi,
in openSUSE there are some packages that so far refuse to build
reproducibly. The common theme around them is that they use scheme or
lisp to produce binaries with a 'dump' command.
e.g. for scheme48 I extracted this reproducer:
pushd ~/rpmbuild/BUILD/scheme48-*/ps-compiler
../go -h