<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Exchange Server">

<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>

</head>

<body>

<meta content="text/html; charset=UTF-8">

<style type="text/css" style="">

<!--

p

        {margin-top:0;

        margin-bottom:0}

-->

</style>

<div dir="ltr">

<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Garamond,Georgia,serif">

<p>Hi all,</p>

<p><br>

</p>

<p>I tend to follow the definition that is stated in <a href="https://ieeexplore.ieee.org/abstract/document/9403390" class="x_OWAAutoLink"><span>Reproducible Builds: Increasing the Integrity of Software Supply Chains</span></a>: "The build process of a software

 product is reproducible if, after designating a specific version of its source code and all of its build dependencies, every build produces bit-for-bit identical artifacts, no matter the environment in which the build is performed."<br>

</p>

<p><br>

</p>

<p>The difference between the definition proposed on OpenSSF and the above is the usage of the "environment".</p>

<ol style="margin-bottom:0px; margin-top:0px">

<li>The definition above claims that build should be reproducible regardless of environment.</li><li>Definition on OpenSFF claims that build should take "build environment" in account to be reproducible.</li></ol>

<div><br>

</div>

<div>But I believe, environment in the first definition refers to environment in general (OS, Architecture for examples) , while in the second refers to build tools used (compilers for example).

</div>

<div><br>

</div>

<div id="x_Signature">

<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif,"EmojiFont","Apple Color Emoji","Segoe UI Emoji",NotoColorEmoji,"Segoe UI Symbol","Android Emoji",EmojiSymbols">

<div id="x_m_4935352394101912768Signature">

<div name="x_divtagdefaultwrapper"><font size="2" color="#808080"><span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif; background-color:rgb(255,255,255)"><span id="x_divtagdefaultwrapper" style="font-size:12pt">

<div style="margin-top:0; margin-bottom:0"><span style="color:rgb(0,0,0); font-family:Garamond,Georgia,serif">Regards,</span></div>

<span style="font-family:Garamond,Georgia,serif"></span><span style="font-family:Garamond,Georgia,serif"></span><span style="color:rgb(0,0,0)"></span><span style="font-family:Garamond,Georgia,serif"></span><span style="font-family:Garamond,Georgia,serif"></span>

<div style="margin-top:0; margin-bottom:0"><span style="color:rgb(0,0,0); font-family:Garamond,Georgia,serif">Aman Sharma</span></div>

</span><br>

</span></font></div>

<div name="x_divtagdefaultwrapper"><font size="2" color="#808080"><span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif; background-color:rgb(255,255,255)"></span><span class="x_im">PhD Student<br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">

<span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif; background-color:rgb(255,255,255)">KTH Royal Institute of Technology</span><br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">

</span><span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif; background-color:rgb(255,255,255)">School of Electrical Engineering and Computer Science (EECS)</span><br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">

<span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif; background-color:rgb(255,255,255)">Department of Theoretical Computer Science (TCS)</span><br style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif">

<span style="font-family:Arial,"Helvetica Neue",helvetica,sans-serif; background-color:rgb(255,255,255)"><a href="http://www.kth.se" target="_blank" id="LPNoLP"></a><a href="https://www.kth.se/profile/amansha" class="x_OWAAutoLink" id="LPNoLP"></a><a href="https://www.kth.se/profile/amansha" class="x_OWAAutoLink" id="LPNoLP"></a></span></font></div>

</div>

<a href="https://www.kth.se/profile/amansha" class="x_OWAAutoLink" id="LPNoLP"><span style="font-size:10pt"></span></a><a href="https://algomaster99.github.io/" class="x_OWAAutoLink" id="LPNoLP">https://algomaster99.github.io/</a><br>

</div>

</div>

</div>

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> rb-general <rb-general-bounces@lists.reproducible-builds.org> on behalf of David A. Wheeler via rb-general <rb-general@lists.reproducible-builds.org><br>

<b>Sent:</b> Tuesday, April 22, 2025 5:37:50 PM<br>

<b>To:</b> General discussions about reproducible builds<br>

<b>Cc:</b> David A. Wheeler<br>

<b>Subject:</b> "Reproducible build" definition in OpenSSF glossary</font>

<div> </div>

</div>

</div>

<font size="2"><span style="font-size:10pt;">

<div class="PlainText">The OpenSSF is building a "glossary" set (so we consistently use the<br>

same meaning for the same term), and I drafted a definition for "reproducible build"<br>

based on this group:<br>

<br>

<a href="https://glossary.openssf.org/reproducible-build/">https://glossary.openssf.org/reproducible-build/</a><br>

<br>

If there's an issue please let me know!<br>

<br>

--- David A. Wheeler<br>

<br>

</div>

</span></font>

</body>

</html>