[Git][reproducible-builds/reproducible-presentations][master] more work on progress on bornhack.dk/dc21 talk
Holger Levsen (@holger)
gitlab at salsa.debian.org
Mon Aug 23 20:32:38 UTC 2021
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
9ac4215e by Holger Levsen at 2021-08-23T22:32:18+02:00
more work on progress on bornhack.dk/dc21 talk
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2021-08-24-where-we-come-from-and-where-we-are-going/index.html
- 2021-08-24-where-we-come-from-and-where-we-are-going/todo
Changes:
=====================================
2021-08-24-where-we-come-from-and-where-we-are-going/index.html
=====================================
@@ -175,7 +175,7 @@
<section data-background="images/dc21-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<p>However, it is what is... sigh.</p>
- <p class="fragment">Also, please remember: the worldwide pandemic is a small crisis, compared to the climate apocalypsis we are heading into.</p>
+ <p class="fragment">Also, please remember: the worldwide pandemic is almost a small crisis, compared to the climate apocalypsis we are heading into.</p>
<p class="fragment">Anyway.</p>
</section>
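Review bot: the new wording "is almost a small crisis, compared to the climate apocalypsis" in the replaced <p class="fragment"> line is ambiguous, since "almost a small crisis" can be read as "not even a small crisis" or as "nearly a crisis", which invert each other; consider keeping the original "is a small crisis, compared to" or rewriting to state the intended comparison directly. While touching the line, "apocalypsis" should be "apocalypse".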
@@ -190,6 +190,18 @@
</ol>
</section>
+ <section data-background="images/dc21-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <p>Who am I</p>
+ <ol>
+ <li>Holger Levsen / holger at debian.org</li>
+ <li>Debian user since 1995</li>
+ <li>Debian member since 2007</li>
+ <li>Working on Reproducible Builds since 2014</li>
+ <li>Located in Hamburg, Germany</li>
+ <li>Responsible for more than 10% of all source packages in Debian bullseye</li>
+ </ol>
+ </section>
+
<section data-background-color="white">
<img class="fragment" src="images/logo.png" width="584">
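Review bot: the slide title on the added "Who am I" section uses <p>Who am I</p>, while the other new title slides in this commit ("The solution", "The definition") use <h3>; for consistent styling across the deck, change it to <h3>Who am I</h3>.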
@@ -205,13 +217,35 @@
<li class="fragment">Source code of free software available</li>
<li class="fragment">…most people install pre-compiled binaries</li>
<li class="fragment"><strong>We have no idea whether they correspond.</strong></li>
+ <li class="fragment">As a result there are various classes of supply chain attacks.</li>
</ul>
</section>
+ <section data-background="images/dc21-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>The solution</h3>
+ <ul>
+ <li class="fragment">Enable anyone to independently verify that a given source produces bit by bit identical results.</li>
+ <li class="fragment">Reproducible Builds are an important building block in making supply chains more secure. Nothing more, nothing less.</li>
+ <li class="fragment">As a side effect: you can only be sure a binary is free software if it has been reproduced. <em>It's only free software if it's reproducible!</em></li>
+ </ul>
+ </section>
+
+ <section data-background="images/dc21-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>The definition</h3>
+ <ul>
+ <li>When is a build reproducible?</li>
+ <li class="fragment">A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.</li>
+ <li class="fragment">The relevant attributes of the build environment, the build instructions and the source code as well as the expected reproducible artifacts are defined by the authors or distributors. The artifacts of a build are the parts of the build results that are the desired primary output.<li>
+ <li class="fragment">https://reproducible-builds.org/docs/definition/</li>
+
+ </ul>
+ </section>
+
+
<section data-background="images/dc21-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<p>I'll mostly ignore <em>why</em> and <em>how to do such builds</em> now.</p>
<p class="fragment">Instead I will focus on <em>how to distribute and verify</em>.</p>
- <p class="fragment">(Sadly this talk is not team prepared and thus misses the updates since last DebConf section and more.)</p>
+ <p class="fragment">(Sadly this talk is not team prepared and thus misses the updates since last DebConf section and more. It's the 2nd and hopefully the last time that only myself is presenting about this massive team work.)</p>
</section>
<section data-background-color="white">
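Review bot: the third item of "The definition" list is closed with an opening tag, "...the desired primary output.<li>", instead of "</li>"; this leaves the definition item unclosed and opens a stray empty <li> before the URL item, so the list ends up with an extra empty entry once the browser auto-closes the tags. Change it to "...the desired primary output.</li>". Also, the https://reproducible-builds.org/docs/definition/ item is plain text; wrapping it in an <a href="https://reproducible-builds.org/docs/definition/"> makes the reference clickable from the rendered slides.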
=====================================
2021-08-24-where-we-come-from-and-where-we-are-going/todo
=====================================
@@ -1,18 +1,9 @@
test debrebuild
dc21 shirt foto?
other distro slides:
- nix/guix/arch/suse/tail/yocto
-
-
-the problem:
- supply chain attacks
- r-b is an important building block in making supply chains more secure
-
- incl definition, enable everyone
- its only free software if its reproducible
+ nix/guix/arch/suse/tail/yocto/fdroid
+diffoscope 113 in buster, diffoscope 177 in bullseye
-
-
my goals from last year / debconf20
my frustration from last year
@@ -23,21 +14,20 @@ stretch / buster / bullseye
explain buster status
explain bullseye status
+ .buildinfo files
+ explain bullseye problems
+ 3000 uploads
+ i now maintain 10% of debian. (HAHAHA)
+ .buildinfo files for security
snapshot PoC for amd64 only atm
currently it is roughly 1473740+ files stored as sha256 (current rsync report); 4.1T usage; 1412490037 inodes
the postgresql DB is 3.9G
from Jan, 1 2017 until today
buster && bullseye && bookworm && unstable
- .buildinfo files
-explain bullseye problems
- 3000 uploads
- i now maintain 10% of debian. (HAHAHA)
- .buildinfo files for security
-
-
next
rebuilder from fpetre ir kpcyrd
+ expired keys are a problem
security updates
NOPE
point releases!
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/9ac4215eadd687c4680ff1490bea7a4289497109