, that sounds tricky. However, my experience with Java/Maven is that it is
often possible to achieve reproducibility across operating systems: artifacts
built on MacOS can often be rebuilt on Linux and vice-versa, so perhaps the
same is also true for Windows?
Kind regards,
--
Arnout Engelen
Engelen Open Source
https://engelen.eu
ithub.com/NixOS/nixpkgs/pull/107625)
Kind regards,
--
Arnout Engelen
Engelen Open Source
https://engelen.eu
On Thu, Mar 2, 2023, at 02:09, John Gilmore wrote:
> I have been surprised at how much effort has gone into "diffoscope" as a
> total fraction of the Reproducible Builds effort.
How do you know?
> Perhaps it is a case
> akin to the drunk looking for his keys under the streetlight where he
> can
On Sun, Nov 13, 2022, at 23:50, kpcyrd wrote:
> https://r13y.com/
This indeed does 'verification builds': it builds locally and compares against
the main binary cache (https://cache.nixos.org/)
Kind regards,
Arnout
On Tue, May 12, 2020 at 11:00 PM Paul Spooren wrote:
> The *rebuilders* try to recreate offered binaries following the
> upstream build process as close as necessary.
>
> To make the results accessible, store-able and create tools around them,
> they
> should all follow the same schema, hello
On Fri, Apr 3, 2020 at 1:06 PM Julien Lepiller wrote:
> something that could help guix is a relation groupid/artifactid -> source
This is indeed an interesting topic.
Artifacts published under a groupid/artifactid typically have a
pom.xml with an 'scm' section pointing to the sources (for
On Mon, Dec 9, 2019 at 2:39 PM Bernhard M. Wiedemann
wrote:
> TLDR:
> The goal of reproducible builds is to reduce the likelyhood of running
> software that was corrupted (during build)
I agree this is the primary/ultimate goal.
As a software developer, I have a closely related but somewhat
On Wed, Jun 19, 2019 at 12:29 PM Lars Wirzenius wrote:
> On Sun, May 19, 2019 at 01:09:40PM +0300, Lars Wirzenius wrote:
> * One of the things I'm exploring is ways to have a "distributed CI",
> where CI build workers can be provided by anyone.
On Thu, Apr 18, 2019 at 1:20 PM Arnout Engelen wrote:
> I can successfully independently reproduce most of the artifacts built
> with Scala 2.13.0-M5
More good news: I just verified I could successfully reproduce all the
published artifacts built with Scala 2.12.8, the latest stable
On Thu, Apr 4, 2019 at 9:02 PM Vagrant Cascadian
wrote:
> I think merging the two might be appropriate in some way. The front page
> text addresses two points that I think still belong on the front page,
> notably "independently verifiable" as well as "software development
> practices".
>
> The
On Mon, Jan 7, 2019 at 9:27 AM Hervé Boutemy wrote:
>
Agreed with basically everything above ;)
> > - What exactly gets PGP-signed? (The binary artifact? The buildinfo?
> > If the latter, how does one then establish trust in the binary
> > artifact?)
> good question:
> the rebuilders's
8 at 3:08 PM Hervé Boutemy wrote:
Le dimanche 23 décembre 2018, 14:01:47 CET Arnout Engelen a écrit :
I think it would make sense to upload your own uniquely-named
> > buildinfo and accompanying signature to a separate
> > "certification/attestation repository&quo
; > Le dimanche 23 décembre 2018, 13:57:16 CET Arnout Engelen a écrit :
> > > On Sat, Dec 22, 2018 at 7:17 PM Hervé BOUTEMY
> > > wrote:
> > > > > I do think we should include the
> > > > > 'classifier' field, if any, though.
> > >
On Sat, Dec 22, 2018 at 6:37 PM Hervé Boutemy wrote:
> Le samedi 22 décembre 2018, 11:22:57 CET Arnout Engelen a écrit :
> > On Sat, Dec 22, 2018 at 6:46 AM Hervé Boutemy wrote:
> > > IMHO, a first step is to have us be able to rebuild packages from each
> > >
On Sat, Dec 22, 2018 at 7:23 AM Hervé Boutemy wrote:
> After Arnout's excellent PoC [1], I'd like to discuss the buildinfo content
> based on reviewing current example:
> > name=stamina-core
> > group_id=com.scalapenos
> > artifact_id=stamina-core_2.12
> > version=0.1.5-SNAPSHOT
> ok, same
On Sat, Dec 22, 2018 at 6:46 AM Hervé Boutemy wrote:
> Le jeudi 20 décembre 2018, 19:13:48 CET Arnout Engelen a écrit :
> > https://oss.sonatype.org/content/repositories/snapshots/com/scalapenos/stam
> > ina-core_2.12/0.1.5-SNAPSHOT/
>
> There is only one key poin
from the original "official" build info.
> Le mardi 27 novembre 2018, 12:26:33 CET Arnout Engelen a écrit :
> > On Tue, Nov 27, 2018 at 9:58 AM Hervé BOUTEMY wrote:
> > > Yes, the Buildinfo seems an interesting part to work together.
> > >
> > > I'm qui
On Wed, Dec 5, 2018 at 2:59 PM Holger Levsen wrote:
> On Wed, Dec 05, 2018 at 02:49:24PM +0100, Arnout Engelen wrote:
> > I have no particular love
> > for XML, JSON or YAML, to be quite honest. What would you think
> > about a good old '.properties' file?
>
> th
eems reasonable to me.
Arnout
> Le lundi 26 novembre 2018, 09:40:44 CET Arnout Engelen a écrit :
> > On Mon, Nov 26, 2018 at 9:08 AM Hervé Boutemy wrote:
> > > A few years ago, the work on this started and I created a Wiki page [1] at
> > > Maven to try to consoli
19 matches
Mail list logo
