[Git][reproducible-builds/reproducible-presentations][master] foss-north.se talk: progress
Holger Levsen (@holger)
gitlab at salsa.debian.org
Mon Apr 24 10:01:47 UTC 2023
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
a550dfb2 by Holger Levsen at 2023-04-24T12:01:32+02:00
foss-north.se talk: progress
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2023-04-24-foss-north.se-R-B-the-first-10-years/index.html
- 2023-04-24-foss-north.se-R-B-the-first-10-years/todo
Changes:
=====================================
2023-04-24-foss-north.se-R-B-the-first-10-years/index.html
=====================================
@@ -146,10 +146,9 @@
<section>
<p style="font-size: 120%"><em>
-maybe the talk title should have been:<br> <u>my</u> first 10 years with reproducible builds...
-
+Maybe the talk title should have been:<br> <u>my</u> first 10 years with reproducible builds
<span class="fragment">
- <br>though this is not about my work.
+ <br>- though this is not about my work:
</span>
<span class="fragment">
<br>
@@ -159,7 +158,7 @@ maybe the talk title should have been:<br> <u>my</u> first 10 years with reprodu
<span class="fragment">
<br>
-Also the idea is much older than 10 years...
+And the idea is also much older than 10 years...
</span>
</em>
</p>
@@ -340,17 +339,26 @@ Also the idea is much older than 10 years...
<section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
<p>Who am I</p>
<ol>
- <li>Holger Levsen / holger at debian.org</li>
- <li>Located in Hamburg, Germany</li>
+ <li>Holger Levsen / holger at debian.org, located in Hamburg, Germany</li>
<li>Debian user since 1995, contributing since 2001, Debian member since 2007. <span class="fragment">I ❤️ Debian.</span></li>
<li><span class="fragment">Working on Reproducible Builds since 2014,</span>
<span class="fragment">trying to make all ❤️ Free Software reproducible.</span></li>
+ <li><span class="fragment">Ask me anything, anytime. This is a pretty complex topic.</span>
</ol>
</section>
-
- <section data-background-color="white">
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h3>About you</h3>
+ <ul>
+ <li class="fragment">Who knows about Reproducible Builds, why and how?</li>
+ <li class="fragment">Who contribute(s|d) to Reproducible Builds?</li>
+ <li class="fragment">Who knows that Reproducible Builds have been known for more than 10 years?<span class="fragment"> >30 years?</span></li>
+ <li class="fragment">Who knows about SBOM? <span class="fragment">(Software Bill of Materials)</li>
+ </ul>
+ </section>
+
+ <section data-background-color="white">
<img class="fragment" src="images/logo.png" width="584">
</section>
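Review bot: two of the added list items in this hunk leave elements unclosed. The new "Ask me anything, anytime" item in the "Who am I" list opens `<li>` and is followed directly by `</ol>` with no `</li>`, and the SBOM item in the new "About you" list opens `<span class="fragment">` before "(Software Bill of Materials)" but closes only with `</li>`. Add the missing `</li>` and `</span>`. The bare `>` in the " >30 years?" fragment would also be safer written as `&gt;`.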
@@ -358,15 +366,6 @@ Also the idea is much older than 10 years...
<h1>Introduction</h1>
</section>
- <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>Introduction</h3>
- <ul>
- <li class="fragment">Who knows about Reproducible Builds, why and how?</li>
- <li class="fragment">Who contribute(s|d) to Reproducible Builds?</li>
- <li class="fragment">Who knows that Reproducible Builds have been known for more than 10 years?</li>
- <li class="fragment">Who knows about SBOM?</li>
- </ul>
- </section>
<section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
<h3>The problem</h3>
@@ -400,17 +399,97 @@ Also the idea is much older than 10 years...
<section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
- <p>I'll mostly ignore <em>why</em> and <em>how</em> to do such builds today.</p>
- <p> <span class="fragment">By now this has been widely and largly understood: </span>
- <br><span class="fragment" style="font-size: 100%">https://reproducible-builds.org/resources/<br>https://reproducible-builds.org/docs/</span></li>
+ <p> By now this has been widely and largly understood:
+ <br><span class="fragment" style="font-size: 100%">https://reproducible-builds.org/resources/
+ <br>https://reproducible-builds.org/docs/
+ <br>https://reproducible-builds.org/docs/publications/</span></li>
<br><span class="fragment" style="font-size: 70%">https://www.whitehouse.gov/briefing-room/statements-releases/2021/06/08/...</span></li>
+ <p class="fragment">show presentation from Mike Perry and Seth Schoen <b>from 2013</b>.</p>
</section>
+
<section data-background-color="white">
<img src="images/logo.png" width="584">
<h3>https://reproducible-builds.org</h3>
</section>
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Fast forward to 2023</h2>
+ <p class="fragment">https://lists.zx2c4.com/pipermail/wireguard/2023-April/008045.html
+ <br />Wireguard (VPN app for Android) builds are now reproducible, their release is identical on their website, Google Play Store and F-Droid. 🎯🎯🎯🥳
+ <br />(it's more complicated than that, see their mail.)</p>
+ <p class="fragment">We were not even informed. 🥲 people just do reproducible builds as normal part of their work nowadays. 🤗</p>
+
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>How did we get there?</h2>
+ <li class="fragment">Edward Snowden</li>
+ <li class="fragment">Money</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Why money?</h2>
+ <li class="fragment">Bitcoin</li>
+ <li class="fragment">Gitian</li>
+ <li class="fragment">Bitcoin (the software) was reproducible in 2011.</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Why Snowden</h2>
+ <li class="fragment">Well...</li>
+ <li class="fragment">Mike Perry made Torbrowser reproducible in 2013.</li>
+ <li class="fragment">That's Firefox. One of the biggest software projects in the world.</li>
+ <li class="fragment">Lunar's BoF at DebConf13.</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Even earlier works</h2>
+ <li class="fragment">Show that thread on debian-devel at lists.debian.org from 2007</li>
+ <li class="fragment">Though the idea initially appeared in 2000 on debian-devel at l.d.o.</li>
+ <li class="fragment">And then in 2017 we learned from John Gilmore on rb-general at lists.reproducible-builds.org that GCC was reproducible in the early 1990s on several architectures!</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Detour: early computing </h2>
+ <li>in 2015 I've heard rumors, that in the past slot machines had to be reproducible, due to VAT fraud fears.</li>
+ <li class="fragment">fact: when machines had 4kb memory, some people knew every bit. That culture got lost when 640kb where not enough anymore...</li>
+ <li class="fragment">when machines got closer to 640 gigabye of memory the idea that someone would know every bit had become unimagineable.</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Detour: unexpected benefits of reproducible builds</h2>
+ <li class="fragment">in 2022 I learned about an Italian company doing certification for gambling machines using diffoscope...</li>
+ <li class="fragment">Licence compliance: you can only be sure a binary is Free Software if it can be (re-)built reproducibly from a given source.</li>
+ <li class="fragment">Software development: does this change really have no effect?</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Detour: diffoscope</h2>
+ <li class="fragment">Who knows about diffoscope?</li>
+ <li class="fragment">Who uses diffoscope?</li>
+ <li class="fragment">show https://diffoscope.org</li>
+ <li class="fragment">mention https://try.diffoscope.org</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>Back to 2013 onward</h2>
+ <li>Lunar's BoF at DebConf13.</li>
+ <li class="fragment">another BoF at DebConf14</li>
+ <li class="fragment">patches for <code>dpkg</code>: sorting fixes and .buildinfo files (SBOM!)</li>
+ <li class="fragment">in September 2014 I started systematic builds of Debian packages, twice. First just 100 packages, than all of them.</li>
+ <li class="fragment">Mike Perry and Seth Schoen gave that presentation at CCCongress in December 2014 showing "my" graphs. Wow.</li>
+ </section>
+
+ <section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
+ <h2>2015</h2>
+ <li class="fragment">FOSDEM talk by Lunar and myself, inviting the Free Software world at large to collaborate and tackle this problem.</li>
+ <li class="fragment">CCCamp presentation by Lunar, showing many problems and their solutions.</li>
+ <li class="fragment">SOURCE_DATE_EPOCH specification: https://reproducible-builds.org/specs/source-date-epoch/</li>
+ <li class="fragment">1st Reproducible Builds Summit in Athens.</li>
+ </section>
+
+
<section data-background="images/fn-logo.png" data-background-size="12%" data-background-position="90% 10%">
<h3>Short overview of reproducibility of other projects (all AIUI)</h3>
<ul class="fragment">Tails: "easy", pragmatically "solved" but not systematically...
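Review bot: every new slide from "How did we get there?" through "2015" puts its `<li class="fragment">` items directly inside `<section>` with no `<ul>` or `<ol>` around them, unlike the "Who am I" and "About you" slides, which wrap theirs; add the list wrapper so the markup is valid and the bullets render consistently. On the first slide of the hunk, the added "https://reproducible-builds.org/docs/publications/" line ends in `</li>` although the enclosing element is the `<p>` opened at "By now this has been", which is never closed with `</p>`. The dates for the Mike Perry and Seth Schoen presentation disagree: the new speaker note says "from 2013" while the "Back to 2013 onward" slide says "CCCongress in December 2014"; please make them agree. Spelling on added lines: "largly", "640kb where not enough", "gigabye", "unimagineable", and "than all of them" (then).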
=====================================
2023-04-24-foss-north.se-R-B-the-first-10-years/todo
=====================================
@@ -1,11 +1,23 @@
TODO:
-- link fedora makro
-- link wiregard news
-- include mail to which manoj replied
-- include gcc 1990s news.
+summit
+arch rebuilders
+snapshot
+
+
+
+debconf talks
+
+/docs/history
+
+S_D_E
+build path variations
+all the rest
+
+SBOM
- slide about SBOM: not related to r-b but without r-b it's rather meaningless. "just a promise".
-- /docs/history
+
+- link fedora makro
- explain S_D_E
- explain predictable build pathes
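Review bot: the new block at the top of the list (from "summit" to "SBOM") repeats entries that are still present further down in a different form: "S_D_E" against "- explain S_D_E", and "build path variations" against "- explain predictable build pathes", while "- /docs/history" is deleted only to come back as "/docs/history". Merge each pair into one entry, and give the new lines the same "- " prefix as the rest of the file so it stays one list. The run of three empty added lines after "snapshot" can also be dropped.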
@@ -14,8 +26,7 @@ TODO:
- thread model much better explained by lamby
- slide?: change my mind - or after certain statements (single apps r-b usefulness)
- slide?: bootstrapable.org - this is limited to software. reproducible hardware & free & reproducible firmware...
-- say thanks to sponsors, one has even been from Göteburg: mulvad
- (mail them too)
+- say thanks to sponsors, one has even been from Göteburg: mullvad
slide: but surely: the goal of this talk is
- to get you excited & involved &|| caring and thus supportive
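Review bot: on the changed sponsors line, "mulvad" is corrected to "mullvad" but "Göteburg" is kept as is; the city is spelled Göteborg. The hunk also deletes the "(mail them too)" follow-up; if that mail has not been sent yet, keep the reminder.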
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/a550dfb2ee7e43f6b840166e685a0dd08c78bcb6