<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Daniel Shahaf pushed to branch master

at <a href="https://salsa.debian.org/reproducible-builds/reproducible-website">Reproducible Builds / reproducible-website</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/2414627b7e6e6e0c0c79deb6ec97650c7baa9d64">2414627b</a></strong>

<div>

<span>by Daniel Shahaf</span>

<i>at 2021-04-07T13:20:51+00:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">2021-03: sigstore: Restore the announcement link, and remove the quote from it which no longer follows from the paragraph preceding it.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#3393d43faf4de0e437a4a2d103125a64a3076911">

_reports/2021-03.md

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="3393d43faf4de0e437a4a2d103125a64a3076911">

<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/2414627b7e6e6e0c0c79deb6ec97650c7baa9d64#3393d43faf4de0e437a4a2d103125a64a3076911"><strong>_reports/2021-03.md</strong></a>

<hr>

<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" id="" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="18" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="18" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match " style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -18,9 +18,7 @@ In our monthly reports, we try to outline the most important things that have ha</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="18" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

18

</td>

<td class="new_line diff-line-num" data-linenumber="18" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

18

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC18" class="line" lang="markdown"></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="19" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

19

</td>

<td class="new_line diff-line-num" data-linenumber="19" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

19

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC19" class="line" lang="markdown"><span class="p">[</span><span class="nv" style="color: #008080;">F-Droid</span><span class="p">](</span><span class="sx" style="color: #d14;">https://www.f-droid.org/</span><span class="p">)</span> is a large repository of open source applications for the Google Android platform. This month, Felix C. Stegerman announced <span class="p">[</span><span class="nv" style="color: #008080;">*apksigcopier*</span><span class="p">](</span><span class="sx" style="color: #d14;">https://github.com/obfusk/apksigcopier</span><span class="p">)</span>, a new tool for copying signatures for <span class="sb" style="color: #d14;">`.apk`</span> files from a signed <span class="sb" style="color: #d14;">`.apk`</span> file to an unsigned one which is necessary in order to verify reproducibly of F-Droid components. Felix  filed an <span class="p">[</span><span class="nv" style="color: #008080;">Intent to Package (ITP)</span><span class="p">](</span><span class="sx" style="color: #d14;">https://wiki.debian.org/ITP</span><span class="p">)</span> bug in Debian to include it in that distribution, too (<span class="p">[</span><span class="nv" style="color: #008080;">#986179</span><span class="p">](</span><span class="sx" style="color: #d14;">https://bugs.debian.org/986179</span><span class="p">)</span>).</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="20" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

20

</td>

<td class="new_line diff-line-num" data-linenumber="20" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

20

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC20" class="line" lang="markdown"></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="21" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

21

</td>

<td class="new_line diff-line-num old" data-linenumber="21" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC21" class="line" lang="markdown">On 9th March, the Linux Foundation announced the <span class="p">[</span><span class="nv" style="color: #008080;">*sigstore*</span><span class="p">](</span><span class="sx" style="color: #d14;">https://sigstore.dev/what_is_sigstore/#what-is-sigstore</span><span class="p">)</span> project, which is a centralized service that allows developers to cryptographically sign and store signatures for release artifacts. It also attempts to help developers who don't wish to manage their own signing keypairs simplify signing their releases.</span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="22" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

22

</td>

<td class="new_line diff-line-num old" data-linenumber="21" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC22" class="line" lang="markdown"></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="23" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

23

</td>

<td class="new_line diff-line-num old" data-linenumber="21" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC23" class="line" lang="markdown"><span class="gt" style="color: #a00;">> sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community.</span></span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="24" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="21" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

21

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC21" class="line" lang="markdown">On 9th March, the Linux Foundation <span class="p">[</span><span class="nv" style="color: #008080;">announced</span><span class="p">](</span><span class="sx" style="color: #d14;">https://linuxfoundation.org/en/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/</span><span class="p">)</span> the <span class="p">[</span><span class="nv" style="color: #008080;">*sigstore*</span><span class="p">](</span><span class="sx" style="color: #d14;">https://sigstore.dev/what_is_sigstore/#what-is-sigstore</span><span class="p">)</span> project, which is a centralized service that allows developers to cryptographically sign and store signatures for release artifacts. It also attempts to help developers who don't wish to manage their own signing keypairs simplify signing their releases.</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="24" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

24

</td>

<td class="new_line diff-line-num" data-linenumber="22" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

22

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC22" class="line" lang="markdown"></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="25" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

25

</td>

<td class="new_line diff-line-num" data-linenumber="23" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

23

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC23" class="line" lang="markdown"><span class="p">[</span><span class="nv" style="color: #008080;">![</span><span class="p">](</span><span class="sx" style="color: #d14;">{{</span> <span class="nn" style="color: #555;">"/images/reports/2021-03/openssf.png#right"</span> | relative_url }})](https://openssf.org/)</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="26" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

26

</td>

<td class="new_line diff-line-num" data-linenumber="24" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

24

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC24" class="line" lang="markdown"></span>

</pre>

</td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/2414627b7e6e6e0c0c79deb6ec97650c7baa9d64">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/2414627b7e6e6e0c0c79deb6ec97650c7baa9d64"}}</script>

</p>

</div>

</body>

</html>