[Git][reproducible-builds/reproducible-presentations][master] 7 commits: Add SCALE 18x There and Back Again Reproducibly.

Vagrant Cascadian gitlab at salsa.debian.org
Sat Mar 7 01:06:03 UTC 2020



Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations


Commits:
aeceaef4 by Vagrant Cascadian at 2020-03-06T12:25:25-08:00
Add SCALE 18x There and Back Again Reproducibly.

- - - - -
8b0c811c by Vagrant Cascadian at 2020-03-06T15:36:27-08:00
SCALE there and back again: summit in 2020 ?

- - - - -
29a4ef76 by Vagrant Cascadian at 2020-03-06T15:56:13-08:00
scale there and back again: drop extraneous reference to try.diffoscope.org

- - - - -
a1e16c19 by Vagrant Cascadian at 2020-03-06T16:05:21-08:00
scale there and back again: split up the diffoscope slides a bit

- - - - -
7a9ac023 by Vagrant Cascadian at 2020-03-06T16:05:43-08:00
scale there and back again: remove a bonus plea for help

- - - - -
529c21d1 by Vagrant Cascadian at 2020-03-06T16:59:27-08:00
scale there and back again: fix formatting for diffoscope
security/refactoring.

- - - - -
26f99cf5 by Vagrant Cascadian at 2020-03-06T17:00:48-08:00
scale there and back again: be a bit less vague about gender
inclusivity.

- - - - -


18 changed files:

- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/Makefile
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/There-and-Back-Again-Reproducibly.org
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/345px-Mirkwood_-_entrance.jpg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/640px-The_Hobbit_-_Smaug.jpg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/800px-Hobbit_holes_reflected_in_water.jpg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/887px-Unico_Anello.png
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/Ring-eye-sauron.png
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/Trollschild.jpg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/aranha.jpg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/diffoscope.png
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/hobbit-on-a-barrel.jpeg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/r-b-projects.png
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/r-b-projects.xcf
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/reprobuilds-display.jpeg
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/reproducible-builds.png
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/stats_pkg_state.png
- + 2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/vagrantupsidedown.png


Changes:

=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/Makefile
=====================================
@@ -0,0 +1,14 @@
+# thanks to dima for walking me through this!
+#
+# needs: apt install emacs texlive-latex-extra org-mode
+
+all: $(patsubst %.org,%.pdf,$(wildcard *.org))
+
+%.pdf: %.org
+	emacs --batch --eval '(progn (find-file "$<") (org-beamer-export-to-pdf))'
+	rm -f *.tex
+
+clean:
+	rm -f *.pdf *.tex *.png
+
+.PHONY:clean


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/There-and-Back-Again-Reproducibly.org
=====================================
@@ -0,0 +1,420 @@
+#+TITLE: There and Back Again, Reproducibly!
+#+AUTHOR: Vagrant Cascadian
+#+EMAIL: vagrant at reproducible-builds.org
+#+DATE: SCALE 18x, 2020-03-08
+#+LANGUAGE:  en
+#+OPTIONS:   H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
+#+OPTIONS:   TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
+#+OPTIONS: ^:nil
+#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
+#+EXPORT_SELECT_TAGS: export
+#+EXPORT_EXCLUDE_TAGS: noexport
+#+startup: beamer
+#+LaTeX_CLASS: beamer
+#+LaTeX_CLASS_OPTIONS: [bigger]
+#+latex_header: \mode<beamer>{\usetheme{Madrid}}
+#+LaTeX_CLASS_OPTIONS: [aspectratio=169]
+#+BEGIN_comment
+There and Back Again, Reproducibly!
+SCALE 18x, Pasadena, California
+2020-03-08 16:30 to 17:30
+Room 106
+
+There is an epic journey from reviewed source code to the code you
+actually run on your computer, and things can go quietly wrong along
+the way!
+
+We can't do absolutely everything ourselves by hand, so we necessarily
+put trust into something or someone along the way. Will you join us on
+our journey, brave adventurer?
+
+What happens to your code as it passes through dark forests,
+trecherous mountain passes, or deep forboding caverns? What if
+something is quietly corrupting an otherwise trustworthy ally? Help
+showing up, but with it's own motives?
+
+Reproducible Builds gives a project confidence that the journey from
+source code to binary code gets you there and back again.
+
+https://reproducible-builds.org
+#+END_comment
+
+* Who am I
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+[[./images/vagrantupsidedown.png]]
+
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+  |                     | Vagrant |
+  |---------------------+---------|
+  | debian user         |    2001 |
+  | debian developer    |    2010 |
+  | reproducible builds |    2015 |
+
+* When we say reproducible
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.7
+    :END:
+
+https://reproducible-builds.org/docs/definition/
+
+\vspace{\baselineskip}
+
+A build is reproducible if given the same source code, build
+environment and build instructions, any party can recreate bit-by-bit
+identical copies of all specified artifacts.
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.3
+    :END:
+
+[[./images/reproducible-builds.png]]
+
+* Once upon a time
+
+#+ATTR_BEAMER: :overlay <+->
+- Historically software was reproducible! Every bit counted.
+- Things eventually got more complicated...
+- Bit for bit reproducible GNU toolchain in the early 90s on 10(?) architectures.
+- *And then we all forgot.*
+- Then, in 2011 and 2012, Bitcoin and Torbrowser were made reproducible.
+
+* Debian
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.60
+    :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- A list mail in 1997, very few more in 2001 and 2003.
+- In 2013 people in Debian began to investigate
+- In 2014 systematic testing, classifications and weekly blogs.
+- Since 2017 in Debian Policy
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.40
+    :END:
+
+[[./images/stats_pkg_state.png]]
+
+* Humble beginnings
+
+[[./images/800px-Hobbit_holes_reflected_in_water.jpg]]
+
+* Unexpected guests
+
+[[./images/r-b-projects.png]]
+
+* Shared research and developments
+
+https://tests.reproducible-builds.org
+
+\vspace{\baselineskip}
+
+#+ATTR_BEAMER: :overlay <+->
+- Test/research setup for many but not all projects.
+- Since end of 2018 shared database for some of those.
+- Sharing issues, patches and upstreaming them.
+- Shared public blog, now called monthly report.
+- More collaboration is possible!
+
+* trolls
+
+[[./images/Trollschild.jpg]]
+
+* caves
+
+[[./images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG]]
+
+* Does it like riddles?
+
+This thing all things devours;
+
+Birds, beasts, trees, flowers;
+
+Gnaws iron, bites steel;
+
+Grinds hard stones to meal;
+
+Slays king, ruins town,
+
+And beats mountain down.
+
+* And more riddles
+
+Time! I need more Time!
+
+#+ATTR_BEAMER: :overlay <+->
+- timestamps
+- build paths
+- timezones
+- locales
+- timestamps
+- hundreds of classes of causes !
+- also timestamps
+- It's fun to discover these! Well, mostly.
+
+* What has it got in its pockets?
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.5
+    :END:
+
+[[./images/887px-Unico_Anello.png]]
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- Highly portable! Always keep close to you.
+- Magic powers (e.g. invisibility)
+- Precious
+- May use *you* for it's own ends
+
+* Dark and forboding places
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+[[./images/345px-Mirkwood_-_entrance.jpg]]
+
+* Forest for the trees
+
+https://diffoscope.org
+
+\vspace{\baselineskip}
+
+#+ATTR_BEAMER: :overlay <+->
+- Recursive and human-readable "diff"
+  - locates and diagnoses reproducibility issues
+  - *not* used for determining whether something is reproducible!
+  - used for analysing *why*
+
+* diffoscope example
+
+[[./images/diffoscope.png]]
+
+* beyond reproducible builds
+
+https://diffoscope.org
+
+\vspace{\baselineskip}
+
+useful beyond reproducible builds, eg.
+
+#+ATTR_BEAMER: :overlay <+->
+  - security updates
+  - code refactoring
+
+* diffoscope, supported file types
+
+Android APK files, Android boot images, Ar(1) archives, Berkeley DB database files, Bzip2 archives, Character/block devices, ColorSync colour profiles (.icc), Coreboot CBFS filesystem images, Cpio archives, Dalvik .dex files, Debian .buildinfo files, Debian .changes files, Debian source packages (.dsc), Device Tree Compiler blob files, Directories, ELF binaries, Ext2/ext3/ext4/btrfs filesystems, FreeDesktop Fontconfig cache files, FreePascal files (.ppu), Gettext message catalogues, GHC Haskell .hi files, GIF image files, Git repositories, GNU R database files (.rdb), GNU R Rscript files (.rds), Gnumeric spreadsheets, Gzipped files, ISO 9660 CD images, Java .class files, JavaScript files, JPEG images, JSON files, LLVM IR bitcode files, MacOS binaries, Microsoft Windows icon files, Microsoft Word .docx files, Mono 'Portable Executable' files, Ogg Vorbis audio files, OpenOffice .odt files, OpenSSH public keys, OpenWRT package archives (.ipk), PDF documents, PGP signed/encrypted messages, PNG images, PostScript documents, RPM archives, Rust object files (.deflate), SQLite databases, SquashFS filesystems, Statically-linked binaries, Symlinks, Tape archives (.tar), Tcpdump capture files (.pcap), Text files, TrueType font files, XML binary schemas (.xsb), XML files, XZ compressed files, etc.
+
+* try diffoscope
+
+https://diffoscope.org
+
+\vspace{\baselineskip}
+
+#+ATTR_BEAMER: :overlay <+->
+- available for Debian, Fedora, OpenSUSE, Archlinux, GNU Guix, NixOS, FreeBSD, NetBSD, Homebrew, PypI, ...
+- and on the web: https://try.diffoscope.org
+
+* spiders
+
+[[./images/aranha.jpg]]
+
+* A barrel in the river
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.3
+    :END:
+
+[[./images/hobbit-on-a-barrel.jpeg]]
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.6
+    :END:
+
+reprotest
+
+#+ATTR_BEAMER: :overlay <+->
+- builds something twice with many variations
+- https://salsa.debian.org/reproducible/reprotest
+- if unreproducible: "bisect" the variations
+
+* Under the mountain
+
+[[./images/640px-The_Hobbit_-_Smaug.jpg]]
+
+* And back again
+
+[[./images/800px-Hobbit_holes_reflected_in_water.jpg]]
+
+* The End ... Or the Beginning?
+
+[[./images/reproducible-builds.png]]
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.67
+    :END:
+
+https://reproducible-builds.org
+
+* Who watches
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+[[./images/Ring-eye-sauron.png]]
+
+* Theory vs Praxis
+
+#+ATTR_BEAMER: :overlay <+->
+- 93% is a wonderful fantasy
+- 7% of 30000 source packages means 2100 unreproducible source packages.
+- And there's new software every hour
+- Getting software reproducible in theory is only part of the way
+- Hard work begins making reproducible builds in practice
+  - distributed multi-party verification
+  - meaningful end-user interfaces
+- *There is a lot to do. Please. Help.*
+
+* Councils of the Wise
+
+https://reproducible-builds.org/events/
+
+\vspace{\baselineskip}
+
+Reproducible builds summits:
+
+#+ATTR_BEAMER: :overlay <+->
+- Athens 2015
+- Berlin 2016
+- Berlin 2017
+- Paris 2018
+- Marrakesh 2019
+- ??? 2020
+
+* Collaboration
+
+https://reproducible-builds.org/contribute/
+
+\vspace{\baselineskip}
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+[[./images/reprobuilds-display.jpeg]]
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.6
+    :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- We stand on the shoulders of giants.
+- And women, men and people of all genders,
+- And elves and dwarves,
+- And wizards and hobbits,
+- And beings beyond our current imagination,
+- And we welcome you.
+- And we welcome Free Software.
+
+* Questions?
+
+Thank you for your time and contributions.
+
+\vspace{\baselineskip}
+
+It's been a long journey but we will get there. And back again, on to new journeys!
+
+[[./images/reproducible-builds.png]]
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.67
+    :END:
+
+https://reproducible-builds.org
+
+* Copyright and attributions
+\addtocounter{framenumber}{-1}
+\tiny
+
+  Copyright 2019 Vagrant Cascadian <vagrant at reproducible-builds.org>
+
+  Copyright 2019 Holger Levsen <holger at layer-acht.org>
+
+  This work is licensed under the Creative Commons
+  Attribution-ShareAlike 4.0 International License.
+
+  To view a copy of this license, visit
+  https://creativecommons.org/licenses/by-sa/4.0/
+
+\vspace{\baselineskip}
+
+  Images downloaded from commons.wikimedia.org and licensed under the
+  Creative Commons Attribution 2.0 Generic license:
+
+  https://creativecommons.org/licenses/by/2.0/deed.en
+
+  https://commons.wikimedia.org/wiki/File:Hobbit_holes_reflected_in_water.jpg
+  https://commons.wikimedia.org/wiki/File:The_Hobbit_-_Smaug.jpg
+
+  Except the ring, which is public domain and/or very, very permissive:
+
+  https://commons.wikimedia.org/wiki/File:Unico_Anello.png
+
+  Mirkwood and the Caverna Morro ..., licensed under:
+
+  https://creativecommons.org/licenses/by-sa/3.0/deed.en
+  https://commons.wikimedia.org/wiki/File:Mirkwood_-_entrance.jpg
+  https://commons.wikimedia.org/wiki/File:Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG
+
+  The Troll sign ispublic domain:
+
+  https://de.wikipedia.org/wiki/Datei:Trollschild.jpg
+
+  And the logos, which are under their respective licenses. The compilation made by Holger is CC-SA 4.0 intl.
+
+  Eye of sauron:
+
+  https://creativecommons.org/licenses/by-sa/4.0/deed.en
+  https://en.wikipedia.org/wiki/File:Ring-eye-sauron.gif
+
+  reprobuilds-display from Jelle is under MIT:
+
+  https://github.com/jelly/reproduciblebuilds-display
+
+  stats_pkg_state has been generated by code licensed under GPL2, written by Holger and was downloaded from:
+
+  https://tests.reproducible-builds.org/debian/unstable/amd64/stats_pkg_state.png
+
+  hobbit-on-a-barrel.jpeg used under fair use.


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/345px-Mirkwood_-_entrance.jpg
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/345px-Mirkwood_-_entrance.jpg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/640px-The_Hobbit_-_Smaug.jpg
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/640px-The_Hobbit_-_Smaug.jpg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/800px-Hobbit_holes_reflected_in_water.jpg
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/800px-Hobbit_holes_reflected_in_water.jpg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/887px-Unico_Anello.png
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/887px-Unico_Anello.png
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/Ring-eye-sauron.png
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/Ring-eye-sauron.png
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/Trollschild.jpg
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/Trollschild.jpg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/aranha.jpg
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/aranha.jpg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/diffoscope.png
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/diffoscope.png
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/hobbit-on-a-barrel.jpeg
=====================================
@@ -0,0 +1 @@
+../../2019-11-16-SeaGL-There-and-Back-Again-Reproducibly/images/hobbit-on-a-barrel.jpeg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/r-b-projects.png
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/r-b-projects.png
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/r-b-projects.xcf
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/r-b-projects.xcf
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/reprobuilds-display.jpeg
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/reprobuilds-display.jpeg
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/reproducible-builds.png
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/reproducible-builds.png
\ No newline at end of file


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/stats_pkg_state.png
=====================================
Binary files /dev/null and b/2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/stats_pkg_state.png differ


=====================================
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/vagrantupsidedown.png
=====================================
@@ -0,0 +1 @@
+../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/vagrantupsidedown.png
\ No newline at end of file



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/f457dfb9095a4243f5e9657790635a785a91f5d0...26f99cf537a9b6b57e79d0e49a0652e1fd378257

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/f457dfb9095a4243f5e9657790635a785a91f5d0...26f99cf537a9b6b57e79d0e49a0652e1fd378257
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200307/29a6a3b2/attachment.htm>


More information about the rb-commits mailing list