[Git][reproducible-builds/reproducible-website][master] 2019-04: -5 FIXMEs

Bernhard M. Wiedemann gitlab at salsa.debian.org
Thu May 2 08:29:22 UTC 2019



Bernhard M. Wiedemann pushed to branch master at Reproducible Builds / reproducible-website


Commits:
b2410c01 by Bernhard M. Wiedemann at 2019-05-02T08:28:45Z
2019-04: -5 FIXMEs

- - - - -


1 changed file:

- _reports/2019-04.md


Changes:

=====================================
_reports/2019-04.md
=====================================
@@ -11,12 +11,14 @@ draft: true
     * [FIXME](https://lists.freedesktop.org/archives/fontconfig/2019-April/006508.html)
     * [FIXME](https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/130#note_144421)
 
+* the recent `bootstrap-sass` incident
+    * David A. Wheeler published [an essay on the incident](https://dwheeler.com/essays/bootstrap-sass-subversion.html) that proposes reproducible builds as one way to reduce the impact of such software supply chain attacks in the future.
+    * Jake Edge had similar thoughts on [LWN](https://lwn.net/Articles/785386/)
+
 * Chris Lamb [updated the certificate](https://github.com/lamby/try.diffoscope.org/commit/aa3cc35451dd7fedfdc30af7b248b39d0e9f7898) of try.diffoscope.org ; FIXME: background/details
 
 * [debian-installer upload](https://bugs.debian.org/920676#50)
 
-* David A. Wheeler published [an essay on the recent `bootstrap-sass` incident](https://dwheeler.com/essays/bootstrap-sass-subversion.html) that proposes reproducible builds as one way to reduce the impact of such software supply chain attacks in the future.
-
 * Bernhard M. Wiedemann [posted his monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2019-04/msg00414.html) for the [openSUSE](https://opensuse.org/) distribution.
 
 * The first non-trivial library written in [Scala](https://www.scala-lang.org/) (on the [JVM](https://reproducible-builds.org/docs/jvm/)) was released with Arnout Engelen's [sbt-reproducible-builds](https://github.com/raboof/sbt-reproducible-builds) plugin enabled during the build: [Akka 2.5.22](https://akka.io/blog/news/2019/04/03/akka-2.5.22-released). The artifacts built with version 2.12.8 and 2.13.0-RC1 of the Scala compiler could be [successfully reproduced](https://arnout.engelen.eu/rb/akka/2.12/2.5.22/). For 2.12.8 the original release was performed on a Mac and the validation on a Debian machine, so it appears the build is reproducible across diverse systems.
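Review bot: The new parent bullet "* the recent `bootstrap-sass` incident" starts with a lower-case word and is a bare fragment, unlike the other top-level bullets in this hunk, and the Jake Edge sub-bullet ends without a period although the Wheeler sub-bullet above it has one. Suggest capitalising the parent bullet or phrasing it as a sentence, and ending the LWN line with a period. "Similar thoughts" could also say in a few words what the LWN article argues, so that the entry stands on its own.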
@@ -44,8 +46,6 @@ draft: true
     * [linux](https://salsa.debian.org/kernel-team/linux/merge_requests/140) [Sort list of modules before adding to .json file](https://salsa.debian.org/kernel-team/linux/commit/58ef63e9e2c71ffd8a21e9c620db71cb96d2d5a9)
     * debian-installer: [Fix reproducibility of u-boot images by using gzip -n](https://salsa.debian.org/installer-team/debian-installer/commit/deeee34bc0ee5ec879182111b809896752ad0df9)
 
-* [FIXME](https://lwn.net/Articles/785386/)
-
 * [https://github.com/Qucs/ADMS/pull/84#issuecomment-484791782 merged](https://github.com/Qucs/ADMS/pull/84#issuecomment-484791782)
 
 * [https://github.com/shadow-maint/shadow/pull/146#issuecomment-485286090 merged](https://github.com/shadow-maint/shadow/pull/146#issuecomment-485286090)
@@ -61,19 +61,16 @@ For those who are not aware M2-Planet is a self-hosting C compiler written in a
 that has been bootstrapped entirely from hex0 with 100% reproducible output/binaries.
 
 
-* [FIXME](https://news.ycombinator.com/item?id=19732794)
+* A [discussion on HackerNews](https://news.ycombinator.com/item?id=19732794) discussed reproducible builds for WebAssembly and other formats that currently use binary uploads.
 
-* [FIXME](https://github.com/golang/go/issues/16860)
-https://go-review.googlesource.com/c/go/+/173344/
+* A patch to the go compiler was proposed to extend the [`-trimpath`](https://go-review.googlesource.com/c/go/+/173344/) syntax. This helps to fix [variations from buildpath](https://github.com/golang/go/issues/16860).
 
 * [FIXME](https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/)
 
 * Reproducible Builds participated in GSoC but sadly we didnt find any suitable students.
 
-* [FIXME](https://github.com/TheDigitalStandard/TheDigitalStandard/pull/115)
+* Bobby Richter proposed [an addition of reproducible builds](https://github.com/TheDigitalStandard/TheDigitalStandard/pull/115) as indicator of good digital products.
 
 * [Stop Memsettings Structures](https://www.anmolsarma.in/post/stop-struct-memset/)
 
 * Vagrant Cascadian submitted an [update to diffoscope 114](https://issues.guix.info/issue/35478) in [GNU Guix](https://www.gnu.org/software/guix/).
-
-* [FIXME](https://go-review.googlesource.com/c/go/+/173344/)
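Review bot: In the added Hacker News line, "A discussion on HackerNews discussed" repeats itself and writes the site name as one word; something like "A Hacker News thread discussed ..." reads better. In the same hunk, "go compiler" should be "Go compiler" and "as indicator" needs an article ("as an indicator"). The securelist.com entry in the context lines still has FIXME as its link text, so the draft keeps a placeholder after this change.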



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b2410c01924cfbd4befec5e9fba067ac7dc18252
