<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

James Addison pushed to branch master at <a href="https://salsa.debian.org/reproducible-builds/reproducible-website">Reproducible Builds / reproducible-website</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4e76ebcf13015988ab5716b0e4323da1c268c350">4e76ebcf</a></strong>

<div>

<span> by James Addison </span> <i> at 2024-05-08T23:48:49+01:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>2024-04: balancing for both double-quotes and backticks (single-quotes seem fine).

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

1 changed file:

</h4>

<ul>

<li class="file-stats">

<a href="#a24d9d9bcd68f1c3f6a5d7b422c21d867935d78d">

_reports/2024-04.md

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="a24d9d9bcd68f1c3f6a5d7b422c21d867935d78d">

<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4e76ebcf13015988ab5716b0e4323da1c268c350#a24d9d9bcd68f1c3f6a5d7b422c21d867935d78d"><strong style="font-weight: bold;">_reports/2024-04.md</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

<table class="code white" style="border-spacing: 0; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="68" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="68" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="line_content match" style="color: rgba(31,30,36,0.24); padding: inherit;" bgcolor="#fbfafd">@@ -68,7 +68,7 @@ On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="68" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

68

</td>

<td class="new_line diff-line-num" data-linenumber="68" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

68

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC68" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="69" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

69

</td>

<td class="new_line diff-line-num" data-linenumber="69" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

69

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC69" class="line" lang="markdown"><span class="p">*</span> Chris Lamb asked the list which conferences readers are attending these days: "After peak Covid and other industry-wide changes, conferences are no longer the 'must attend' events they previously were… especially in the area of software supply-chain security. In rough, practical terms, it seems harder to justify conference travel today than it did in mid-2019." The thread generated a <span class="p">[</span><span class="nv" style="color: #008080;">number of responses</span><span class="p">](</span><span class="sx" style="color: #d14;">https://lists.reproducible-builds.org/pipermail/rb-general/2024-April/thread.html#3370</span><span class="p">)</span> which would be of interest to anyone planning travel in Q3 and Q4 of 2024.</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="70" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

70

</td>

<td class="new_line diff-line-num" data-linenumber="70" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

70

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC70" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="71" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

71

</td>

<td class="new_line diff-line-num old" data-linenumber="71" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC71" class="line" lang="markdown"><span class="p">*</span> James Addison wrote to the list about a <span class="p">[</span><span class="nv" style="color: #008080;">"quirk" in Git related to its `core.autocrlf` functionality</span><span class="p">](</span><span class="sx" style="color: #d14;">https://lists.reproducible-builds.org/pipermail/rb-general/2024-April/003385.html</span><span class="p">)</span>, thus helpfully passing on a "slightly off-topic and perhaps not of direct relevance to anyone on the list today" note that might still be "the kind of issue that is useful to be aware of if-and-when puzzling over unexpected git content / checksum issues (situations that I _do_ expect people on this list encounter from time-to-time).</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="72" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="71" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

71

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span id="LC71" class="line" lang="markdown"><span class="p">*</span> James Addison wrote to the list about a <span class="p">[</span><span class="nv" style="color: #008080;">"quirk" in Git related to its `core.autocrlf` functionality</span><span class="p">](</span><span class="sx" style="color: #d14;">https://lists.reproducible-builds.org/pipermail/rb-general/2024-April/003385.html</span><span class="p">)</span>, thus helpfully passing on a "slightly off-topic and perhaps not of direct relevance to anyone on the list today" note that might still be "the kind of issue that is useful to be aware of if-and-when puzzling over unexpected git content / checksum issues (situations that I _do_ expect people on this list encounter from time-to-time)<span class="idiff left right addition" style="background-color: #c7f0d2;">"</span>.</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="72" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

72

</td>

<td class="new_line diff-line-num" data-linenumber="72" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

72

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC72" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="73" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

73

</td>

<td class="new_line diff-line-num" data-linenumber="73" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

73

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC73" class="line" lang="markdown"><span class="nt" style="color: #000080;"><br></span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="74" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

74

</td>

<td class="new_line diff-line-num" data-linenumber="74" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

74

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC74" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="76" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="76" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="line_content match" style="color: rgba(31,30,36,0.24); padding: inherit;" bgcolor="#fbfafd">@@ -76,7 +76,7 @@ On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="76" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

76

</td>

<td class="new_line diff-line-num" data-linenumber="76" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

76

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC76" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="77" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

77

</td>

<td class="new_line diff-line-num" data-linenumber="77" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

77

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC77" class="line" lang="markdown"><span class="p">[</span><span class="nv" style="color: #008080;">Simon Josefsson</span><span class="p">](</span><span class="sx" style="color: #d14;">https://blog.josefsson.org/</span><span class="p">)</span> wrote on his blog this month that, going forward, the <span class="p">[</span><span class="nv" style="color: #008080;">`libntlm`</span><span class="p">](</span><span class="sx" style="color: #d14;">https://gitlab.com/gsasl/libntlm/</span><span class="p">)</span> project will now be releasing what they call "<span class="p">[</span><span class="nv" style="color: #008080;">minimal source-only tarballs</span><span class="p">](</span><span class="sx" style="color: #d14;">https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/</span><span class="p">)</span>":</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="78" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

78

</td>

<td class="new_line diff-line-num" data-linenumber="78" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

78

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC78" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="79" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

79

</td>

<td class="new_line diff-line-num old" data-linenumber="79" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC79" class="line" lang="markdown"><span class="gt" style="color: #a00;">> The [XZUtils incident](https://en.wikipedia.org/wiki/XZ_Utils_backdoor) illustrate that tarballs with files that are not included in the git archive offer an opportunity to disguise malicious backdoors. [The] risk of hiding malware is not the only motivation to publish signed minimal source-only tarballs. With pre-generated content in tarballs, there is a risk that GNU/Linux distributions [ship] generated files coming from the tarball into the binary `*.deb` or `*.rpm` package file. Typically the person packaging the upstream project never realized that some installed artifacts was not re-built[.]<span class="idiff left right deletion" style="background-color: #fac5cd;">"</span></span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="80" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="79" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

79

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span id="LC79" class="line" lang="markdown"><span class="gt" style="color: #a00;">> The [XZUtils incident](https://en.wikipedia.org/wiki/XZ_Utils_backdoor) illustrate that tarballs with files that are not included in the git archive offer an opportunity to disguise malicious backdoors. [The] risk of hiding malware is not the only motivation to publish signed minimal source-only tarballs. With pre-generated content in tarballs, there is a risk that GNU/Linux distributions [ship] generated files coming from the tarball into the binary `*.deb` or `*.rpm` package file. Typically the person packaging the upstream project never realized that some installed artifacts was not re-built[.]</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="80" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

80

</td>

<td class="new_line diff-line-num" data-linenumber="80" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

80

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC80" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="81" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

81

</td>

<td class="new_line diff-line-num" data-linenumber="81" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

81

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC81" class="line" lang="markdown">Simon's <span class="p">[</span><span class="nv" style="color: #008080;">post</span><span class="p">](</span><span class="sx" style="color: #d14;">https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/</span><span class="p">)</span> goes into further details how this was achieved, and describes some potential caveats and counters some expected responses as well. A shorter version can be found in the announcement for the <span class="p">[</span><span class="nv" style="color: #008080;">1.8 release of `libntlm`</span><span class="p">](</span><span class="sx" style="color: #d14;">https://lists.nongnu.org/archive/html/libntlm/2024-04/msg00000.html</span><span class="p">)</span>.</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="82" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

82

</td>

<td class="new_line diff-line-num" data-linenumber="82" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

82

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC82" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="114" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="114" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="line_content match" style="color: rgba(31,30,36,0.24); padding: inherit;" bgcolor="#fbfafd">@@ -114,7 +114,7 @@ In addition, Bernhard M. Wiedemann published [`theunreproduciblepackage`](https:</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="114" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

114

</td>

<td class="new_line diff-line-num" data-linenumber="114" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

114

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC114" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="115" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

115

</td>

<td class="new_line diff-line-num" data-linenumber="115" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

115

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC115" class="line" lang="markdown"><span class="p">[</span><span class="nv" style="color: #008080;">![</span><span class="p">](</span><span class="sx" style="color: #d14;">{{</span> <span class="nn" style="color: #555;">"/images/reports/2024-04/guix.png#right"</span> | relative_url }})](https://www.gnu.org/software/guix/)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="116" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

116

</td>

<td class="new_line diff-line-num" data-linenumber="116" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

116

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC116" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="117" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

117

</td>

<td class="new_line diff-line-num old" data-linenumber="117" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC117" class="line" lang="markdown">In GNU Guix, Janneke Nieuwenhuizen submitted a patch set for creating a reproducible source tarball for Guix. That is to say, ensuring that <span class="sb" style="color: #d14;">`make dist<span class="idiff left right deletion" style="background-color: #fac5cd;">'</span> is reproducible when run from Git.&nbsp;[[…](https://issues.guix.gnu.org/70169/)]</span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="118" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="117" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

117

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span id="LC117" class="line" lang="markdown">In GNU Guix, Janneke Nieuwenhuizen submitted a patch set for creating a reproducible source tarball for Guix. That is to say, ensuring that <span class="sb" style="color: #d14;">`make dist<span class="idiff left right addition" style="background-color: #c7f0d2;">`</span></span> is reproducible when run from Git.<span class="ni" style="color: #800080;">&nbsp;</span><span class="p">[</span><span class="nv" style="color: #008080;">[…</span><span class="p">](</span><span class="sx" style="color: #d14;">https://issues.guix.gnu.org/70169/</span><span class="p">)</span>]</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="118" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

118

</td>

<td class="new_line diff-line-num" data-linenumber="118" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

118

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC118" class="line" lang="markdown"></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="119" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

119

</td>

<td class="new_line diff-line-num" data-linenumber="119" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

119

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC119" class="line" lang="markdown"><span class="p">[</span><span class="nv" style="color: #008080;">![</span><span class="p">](</span><span class="sx" style="color: #d14;">{{</span> <span class="nn" style="color: #555;">"/images/reports/2024-04/fedora.png#right"</span> | relative_url }})](https://fedoraproject.org/)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="120" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

120

</td>

<td class="new_line diff-line-num" data-linenumber="120" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

120

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #333238; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC120" class="line" lang="markdown"></span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #737278;">

—

<br>

<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4e76ebcf13015988ab5716b0e4323da1c268c350">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4e76ebcf13015988ab5716b0e4323da1c268c350"}}</script>

</p>

</div>

</body>

</html>