[Git][reproducible-builds/reproducible-website][master] 2 commits: Add DebConf presentations to resources page.

Chris Lamb gitlab at salsa.debian.org
Sun Aug 5 02:51:39 CEST 2018


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
608b904c by Chris Lamb at 2018-08-05T00:51:25Z
Add DebConf presentations to resources page.

- - - - -
458812d7 by Chris Lamb at 2018-08-05T00:51:32Z
171: Initial draft.

- - - - -


2 changed files:

- _blog/posts/171.md
- _data/presentations.yml


Changes:

=====================================
_blog/posts/171.md
=====================================
--- a/_blog/posts/171.md
+++ b/_blog/posts/171.md
@@ -1,40 +1,58 @@
-* Bernhard M. Wiedemann proposed toolchain patches
-    * to [rpm](https://github.com/rpm-software-management/rpm/pull/485) to have determinism in the process of stripping debuginfo into separate packages
-    * to [gzip](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32342) to make `tar -cz` output reproducible on the gzip side. Might also help with compressed man-pages. This was merged by gzip upstream.
+---
+layout: blog
+week: 171
+---
 
-* h01ger added a logo to https://salsa.debian.org/reproducible-builds
-* vagrant prepared a fixed dpkg package based on guillems work
-* h01ger uploaded vagrant's dpkg package (but the process changed with the salsa move and some perms are wrong, and docuemntaion is lacking.)
-* h01ger reenabled testing sid and experimental again after these changes
-* https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_CIP.html is also there now
-  (Civil Infrastructure Plattform packages and their build depends are there too)
+Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday July 29 and Saturday August 4 2018:
 
+* Recently the default GCC version in Debian `unstable` moved from GCC 7 to GCC 8. As outlined in our two previous reports ([#168](https://reproducible-builds.org/blog/posts/169) & [#169](https://reproducible-builds.org/blog/posts/169)) as we had not updated our build path patches, it was resulting in a large number of packages becoming unreproducible in our testing framework. Accordingly ,Holger temporarily disabled the scheduling of packages in `unstable` and `experimental`.
+
+  However, this week Vagrant Cascadian worked with Guillem Jover on an update to [dpkg](https://wiki.debian.org/dpkg) to pass a different set of build flags to GCC which Holger installed in our testing framework and re-enabled testing.
+
+* Last week, Chris Lamb performed a [Non Maintainer Upload](https://wiki.debian.org/NonMaintainerUpload) (NMU) in Debian of the [GNU mtools](https://www.gnu.org/software/mtools/) package in order to address two reproducibility-related bugs ([#900409](https://bugs.debian.org/900409) & [#900410](https://bugs.debian.org/900410)) that were blocking work on making the installation images bit-for-bit reproducible. This week, the [DELAYED](https://lists.debian.org/debian-devel/2004/02/msg00887.html) upload was finally [accepted into the archive](https://tracker.debian.org/news/977829/accepted-mtools-4018-21-source-amd64-into-unstable/) and the [corresponding merge request](https://salsa.debian.org/installer-team/debian-installer/merge_requests/3) was updated.
+
+* A number of Reproducible Builds team were presenting at [DebConf18](https://debconf18.debconf.org/) the annual Debian Developers conference. Benjamin Hof gave a talk titled [Software transparency: package security beyond signatures and reproducible builds](https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/)" and there was also a status update from the team entitled "[Reproducible Buster and beyond](https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/)". These, and many more talks, are available [Resources](https://reproducible-builds.org/resources/) section of our website.
+
+* Holger added the [Civil Infrastructure Plattform](https://www.cip-project.org/)'s key package list and their build-dependencies [to our testing framework](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_CIP.html)
+
+* Santiago Torres sent a [reminder that there's a reproducible builds IRC meeting](https://lists.reproducible-builds.org/pipermail/rb-general/2018-August/001095.html) on the [21th of August at 16:00 UTC](https://time.is/compare/1600_21_Aug_2018_in_UTC).
+
+* There were a number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](tests.reproducible-builds.org), including work by Holger Levsen cleaning up some disk space ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/a1573216), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/415feb9e) & [333](https://salsa.debian.org/qa/jenkins.debian.net/commit/9f7103b7)) and Mattia Rizollo [tidyingthe node health page](https://salsa.debian.org/qa/jenkins.debian.net/commit/fd6639d1). Holger Levsen also added our new logo to our [group on salsa.debian.org](https://salsa.debian.org/reproducible-builds).
+
+* Finally, 38 package reviews updated and 62 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
 
 
 Upstream work
 -------------
 
-* Bernhard M. Wiedemann:
-
-    * [rpm](https://github.com/rpm-software-management/rpm/pull/485) (sort `readdir(2)` / `find(1)` output)
-    * [gzip](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32342) (merged, date, also helps `tar -cz`)
-    * [openSUSE/build-compare](https://github.com/openSUSE/build-compare/pull/27) (erroneously reported jar files as identical)
-    * [pcp](https://github.com/performancecopilot/pcp/pull/540) (merged, tar.gz)
-    * [pcp](https://github.com/performancecopilot/pcp/pull/541) (merged, date)
-    * [alex](https://build.opensuse.org/request/show/626133) (drop config.log)
-    * [xrdp](https://build.opensuse.org/request/show/627105) (drop random unused private key pem)
-    * [nauty](https://build.opensuse.org/request/show/626134) (CPU-detection)
-    * [moarvm](https://build.opensuse.org/request/show/626135) (CPU-detection)
-    * [pocl](https://build.opensuse.org/request/show/626138) (CPU-detection)
-    * [graphviz](https://build.opensuse.org/request/show/626475) (compile-time benchmarking)
-    * [libdnet](https://build.opensuse.org/request/show/626786) (sort `readdir(2)`)
-    * [fontforge](https://build.opensuse.org/request/show/626785) (date)
-    * [opa-ff](https://build.opensuse.org/request/show/626787) (date)
-    * [tbb](https://build.opensuse.org/request/show/626788) (date)
-    * [python-restkit](https://build.opensuse.org/request/show/627312) (date)
-    * [wsmancli](https://build.opensuse.org/request/show/627319) (date)
-    * [yudit](http://yudit.org/download/patch-src/yudit-2.9.6.patch2.txt) (accepted, date)
-    * [chrony](https://build.opensuse.org/request/show/626940) (version update to 3.3 to fix date)
-    * [gdm](https://build.opensuse.org/request/show/626691) (race)
-
-* [FIXME](https://tracker.debian.org/news/977829/accepted-mtools-4018-21-source-amd64-into-unstable/)
+Bernhard M. Wiedemann proposed toolchain patches to:
+
+* [rpm](https://github.com/rpm-software-management/rpm/pull/485) to have determinism in the process of stripping debuginfo into separate packages
+* [gzip](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32342) to make `tar -cz` output reproducible on the gzip side. This might also help with compressed `man-pages` and merged by `gzip` upstream.
+
+In addition, Bernhard M. Wiedemann worked on:
+
+* [alex](https://build.opensuse.org/request/show/626133) (drop config.log)
+* [chrony](https://build.opensuse.org/request/show/626940) (version update to 3.3 to fix date)
+* [fontforge](https://build.opensuse.org/request/show/626785) (date)
+* [gdm](https://build.opensuse.org/request/show/626691) (race)
+* [graphviz](https://build.opensuse.org/request/show/626475) (compile-time benchmarking)
+* [libdnet](https://build.opensuse.org/request/show/626786) (sort `readdir(2)`)
+* [moarvm](https://build.opensuse.org/request/show/626135) (CPU detection)
+* [nauty](https://build.opensuse.org/request/show/626134) (CPU detection)
+* [opa-ff](https://build.opensuse.org/request/show/626787) (date)
+* [openSUSE/build-compare](https://github.com/openSUSE/build-compare/pull/27) (erroneously reported jar files as identical)
+* [pcp](https://github.com/performancecopilot/pcp/pull/540) (merged, tar.gz)
+* [pcp](https://github.com/performancecopilot/pcp/pull/541) (merged, date)
+* [pocl](https://build.opensuse.org/request/show/626138) (CPU-detection)
+* [python-restkit](https://build.opensuse.org/request/show/627312) (date)
+* [tbb](https://build.opensuse.org/request/show/626788) (date)
+* [wsmancli](https://build.opensuse.org/request/show/627319) (date)
+* [xrdp](https://build.opensuse.org/request/show/627105) (drop random unused private key pem)
+* [yudit](http://yudit.org/download/patch-src/yudit-2.9.6.patch2.txt) (accepted, date)
+
+
+Misc.
+-----
+
+This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.


=====================================
_data/presentations.yml
=====================================
--- a/_data/presentations.yml
+++ b/_data/presentations.yml
@@ -1,3 +1,25 @@
+- title: Reproducible Buster and beyond)" by the Reproducible Builds team.
+  presented_by: Benjamin Hof, Chris Lamb, Holger Levsen, Steven Chamberlain, Vagrant Cascadian
+  event:
+    url: https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/
+    name: DebConf 2018
+    date: 2018-08-02
+    location: Hsinshu, Taiwan
+  video:
+    url: https://meetings-archive.debian.net/pub/debian-meetings/2018/DebConf18/2018-07-29/software-transparency-package-security-b.webm
+    youtube: F8_wUWibrO8
+
+- title: "Software transparency: package security beyond signatures and reproducible builds"
+  presented_by: Benjamin Hof
+  event:
+    url: https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/
+    name: DebConf 2018
+    date: 2018-07-29
+    location: Hsinshu, Taiwan
+  video:
+    url: https://meetings-archive.debian.net/pub/debian-meetings/2018/DebConf18/2018-07-29/software-transparency-package-security-b.webm
+    youtube: W89ecLNcKT8
+
 - title: You think you're not a target? A tale of 3 developers…
   presented_by: Chris Lamb
   event:



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/56c483c72ae729ac1c41d03851f9dbe1c17dd886...458812d7a65380e5072b6a788f4b2d590f66311e

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/56c483c72ae729ac1c41d03851f9dbe1c17dd886...458812d7a65380e5072b6a788f4b2d590f66311e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20180805/32cf80fd/attachment.html>


More information about the rb-commits mailing list