[Replicant] Fwd: [Dev] Fwd: First Reproducible Builds Summit

nicolasmaia at tutanota.com nicolasmaia at tutanota.com
Thu Dec 10 02:59:12 UTC 2015


Nicolas Maia
--
Sent securely with Tutanota. Make your mailbox encrypted today!
https://tutanota.com

Date: 9 Dec 2015 10:37
From: fauno at endefensadelsl.org
To: dev at lists.parabola.nu
Subject: [Dev] Fwd: First Reproducible Builds Summit


> First Reproducible Builds Summit
> https://guardianproject.info/2015/12/09/first-reproducible-builds-summit
>
> I was just in Athens for the “Reproducible Builds Summit”, an
> Aspiration-run meeting focused on the issues of getting all software
> builds to be reproducible. This means that anyone starting with the same
> source code can build the exact same binary, bit-for-bit. At first
> glance, it sounds like this horrible, arcane detail, which it is really. But
> it provides tons of real benefits that can save lots of time. And in terms
> of programming, it can actually be quite fun, like doing a puzzle or sudoku,
> since there is a very clear point where you have “won”.
>
> Here are some examples of real benefits:
>
> - makes it easy to ensure no malware was inserted into software during
>   the build process (e.g. the XCodeGhost malware we just saw)
> - provides a QA tool to make sure that changes in the source code of a
>   project produce only the expected results
> - allows F-Droid to use the developer’s APK signature while still
>   verifying that apps build from 100% free software
> - make it possible to optimize and profile build processes while
>   guaranteeing the results are exactly the same
> - for large projects, it can greatly speed up the build process (think
>   rebuilding Gmail)
>
> Represented there was: Debian, Google, FreeBSD, Fedora, F-Droid,
> Homebrew, MacPorts, NetBSD, Arch Linux, Coreboot, OpenWRT, and a bunch
> of other projects like an automotive Linux distro called Baserock, the
> Guix package manager, a Linux distro called NixOS, Haskell hackers, etc.
>
> The organizers are already planning a second meeting, probably in April
> in Western Europe, and are looking to get more projects involved. Lots
> of people were talking about how it would be great to get some Android
> ROM developers involved. So if you are a contributor to CyanogenMod,
> Copperhead, OmniROM, Replicant, Blackphone, etc. and would be
> interested in attending, please let us know!
>
> 
-------------------- End of forwarded message --------------------
-------------- next part --------------
First Reproducible Builds Summit
================================

https://guardianproject.info/2015/12/09/first-reproducible-builds-summit/

I was just in Athens for the “[Reproducible Builds
Summit](https://reproducible-builds.org/events/athens2015/)”, an
[Aspiration](https://aspirationtech.org/)-run meeting focused on the
issues of getting all software builds to be reproducible. This means
that anyone starting with the same source code can build the *exact*
same binary, bit-for-bit. At first glance, it sounds like this horrible,
arcane detail, which it is really. But it provides tons of real benefits
that can save lots of time. And in terms of programming, it can actually
be quite fun, like doing a puzzle or sudoku, since there is a very clear
point where you have “won”.

Here are some examples of real benefits:

-   makes it easy to ensure no malware was inserted into software during
    the build process (e.g. the XCodeGhost malware we just saw)
-   provides a QA tool to make sure that changes in the source code of a
    project produce only the expected results
-   allows F-Droid to use the developer’s APK signature while still
    verifying that apps build from 100% free software
-   make it possible to optimize and profile build processes while
    guaranteeing the results are exactly the same
-   for large projects, it can greatly speed up the build process (think
    rebuilding Gmail)

Represented there was: [Debian](https://www.debian.org), Google,
[FreeBSD](https://www.freebsd.org/), [Fedora](https://getfedora.org/),
[F-Droid](https://f-droid.org),
[Homebrew](http://brew.sh/), [MacPorts](https://www.macports.org/),
[NetBSD](https://www.netbsd.org/), [Arch
Linux](https://www.archlinux.org/),
[Coreboot](https://www.coreboot.org/), [OpenWRT](https://openwrt.org/),
and a bunch of other
projects like an automotive Linux distro called
[Baserock](https://wiki.baserock.org/), the
[Guix](https://www.gnu.org/software/guix/) package manager, a Linux
distro called [NixOS](https://nixos.org/),
[Haskell](https://www.haskell.org/) hackers, etc.

The organizers are already planning a second meeting, probably in April
in Western Europe, and are looking to get more projects involved. Lots
of people were talking about how it would be great to get some Android
ROM developers involved. So if you are a contributor to CyanogenMod,
Copperhead, [OmniROM](https://omnirom.org/),
[Replicant](http://www.replicant.us/), Blackphone, etc. and would be
interested in attending, please let us know!