[Git][reproducible-builds/reproducible-presentations][master] 10 years r-b cccamp talk: reorder some slides
Holger Levsen (@holger)
gitlab at salsa.debian.org
Sun Aug 13 11:58:01 UTC 2023
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
684103f8 by Holger Levsen at 2023-08-13T13:57:49+02:00
10 years r-b cccamp talk: reorder some slides
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2023-08-19-R-B-the-first-10-years/index.html
- 2023-08-19-R-B-the-first-10-years/todo
Changes:
=====================================
2023-08-19-R-B-the-first-10-years/index.html
=====================================
@@ -555,6 +555,7 @@ And the idea is also much older than 10 years...
</ul>
</section>
+
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
<h3>
https://reproducible-builds.org/docs/definition/
@@ -566,6 +567,40 @@ And the idea is also much older than 10 years...
</ul>
</section>
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>How did we get there?</h2>
+ <li class="fragment">Money</li>
+ <li class="fragment">Edward Snowden</li>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>Why money?</h2>
+ <li class="fragment">Bitcoin</li>
+ <li class="fragment">Gitian</li>
+ <li class="fragment">Bitcoin (the software) was reproducible in 2011.</li>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>Why Snowden</h2>
+ <li class="fragment">Well...</li>
+ <li class="fragment">Mike Perry made Torbrowser reproducible in 2013.</li>
+ <li class="fragment">That's Firefox. One of the biggest software projects in the world.</li>
+ <li class="fragment">Lunar's BoF at DebConf13.</li>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>How did we get there?</h2>
+ <li>Money</li>
+ <li>Edward Snowden</li>
+ <li class="fragment">...and a LOT of work by MANY people.</li>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>Even earlier works</h2>
+ <li class="fragment">Show that thread on debian-devel at lists.debian.org from 2007</li>
+ <li class="fragment">Though the idea initially appeared in 2000 on debian-devel at l.d.o.</li>
+ <li class="fragment">And then in 2017 we learned from John Gilmore on rb-general at lists.reproducible-builds.org that GCC was reproducible in the early 1990s on several architectures!</li>
+ </section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
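Review bot: The `<li>` items in all five added sections sit directly inside `<section>` with no enclosing list element, while the context lines at the top of this hunk close a `</ul>`, so at least some slides do wrap their lists. Wrap each group in `<ul>...</ul>` so the markup is valid and the slides render consistently. The added heading `<h2>Why Snowden</h2>` also lacks the question mark that `<h2>Why money?</h2>` has.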
@@ -574,7 +609,6 @@ And the idea is also much older than 10 years...
<br>https://reproducible-builds.org/docs/
<br>https://reproducible-builds.org/docs/publications/</span></li>
<br><span class="fragment" style="font-size: 70%">https://www.whitehouse.gov/briefing-room/statements-releases/2021/06/08/...</span></li>
- <p class="fragment">show presentation from Mike Perry and Seth Schoen <b>from 2013</b>.</p>
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
@@ -632,47 +666,6 @@ And the idea is also much older than 10 years...
</section>
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>How did we get there?</h2>
- <li class="fragment">Money</li>
- <li class="fragment">Edward Snowden</li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>Why money?</h2>
- <li class="fragment">Bitcoin</li>
- <li class="fragment">Gitian</li>
- <li class="fragment">Bitcoin (the software) was reproducible in 2011.</li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>Why Snowden</h2>
- <li class="fragment">Well...</li>
- <li class="fragment">Mike Perry made Torbrowser reproducible in 2013.</li>
- <li class="fragment">That's Firefox. One of the biggest software projects in the world.</li>
- <li class="fragment">Lunar's BoF at DebConf13.</li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>How did we get there?</h2>
- <li>Money</li>
- <li>Edward Snowden</li>
- <li class="fragment">...and a LOT of work by MANY people.</li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>Even earlier works</h2>
- <li class="fragment">Show that thread on debian-devel at lists.debian.org from 2007</li>
- <li class="fragment">Though the idea initially appeared in 2000 on debian-devel at l.d.o.</li>
- <li class="fragment">And then in 2017 we learned from John Gilmore on rb-general at lists.reproducible-builds.org that GCC was reproducible in the early 1990s on several architectures!</li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>Detour: early computing </h2>
- <li>in 2015 I've heard rumors, that in the past slot machines had to be reproducible, due to VAT fraud fears.</li>
- <li class="fragment">fact: when machines had 4kb memory, some people knew every bit. That culture got lost when 640kb where not enough anymore...</li>
- <li class="fragment">when machines got closer to 640 gigabye of memory the idea that someone would know every bit had become unimagineable.</li>
- </section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
<h2>Detour: https://diffoscope.org</h2>
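Review bot: The last removed section, `<h2>Detour: early computing </h2>`, is not re-added anywhere in this diff, unlike the five sections before it, which reappear earlier in the file at the `+567` hunk. That makes this a content deletion inside a commit whose subject says "reorder some slides". If dropping the slide is intended, mention it in the commit message or split it into a separate commit so the history shows where the slide went.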
@@ -700,9 +693,9 @@ And the idea is also much older than 10 years...
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
<h2>Detour: unexpected benefits of reproducible builds</h2>
- <li class="fragment">in 2022 I learned about an Italian company doing certification for gambling machines using diffoscope...</li>
<li class="fragment">Licence compliance: you can only be sure a binary is Free Software if it can be (re-)built reproducibly from a given source.</li>
<li class="fragment">Software development: does this change really have no effect / the desired effect only?</li>
+ <li class="fragment">lower development costs and increased development speed through less developer time wasted on build results</li>
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
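Review bot: The bullet about the Italian company certifying gambling machines with diffoscope is deleted rather than moved, and the commit subject ("reorder some slides") does not mention it. Together with the slot-machine slide removed in the preceding hunk, that whole thread leaves the talk. In the added bullet, "less developer time wasted on build results" does not say what about build results costs the time. Consider spelling that out, and capitalising the first word to match the two bullets that stay.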
@@ -733,6 +726,31 @@ And the idea is also much older than 10 years...
<li class="fragment">1st Reproducible Builds Summit in Athens.</li>
</section>
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>Common reasons for unreproducibilities:</h2>
+ <li class="fragment">timestamps, timestamps, timestamps<li>
+ <li class="fragment">timestamps, timestamps, timestamps<li>
+ <li class="fragment">build pathes, build pathes<li>
+ <li class="fragment">all the rest</li>
+ <li class="fragment">422 known issue types in reproducible-notes.git<li>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>SOURCE_DATE_EPOCH</h2>
+ <li>who knows about SOURCE_DATE_EPOCH?</li>
+ <li class="fragment">build time stamps are meaningless. SOURCE_DATE_EPOCH describes the time of the last modification of the source.</li>
+ <li class="fragment">specification from 2015, supported by <b>a lot</b> of software today.</li>
+ <li class="fragment">https://reproducible-builds.org/docs/source-date-epoch/</li>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
+ <h2>build path variation</h2>
+ <li>The solution is simple. But it took me almost 10 years to get there.<span class="fragment" Again.</span></li>
+ <li class="fragment">First we tried to fix them. Still a valid and useful approach.</li>
+ <li class="fragment">Then we quickly came up with a workaround: record the build path and do rebuilds in the same build path.</li>
+ <li class="fragment">in April 2023 in a discussion with Vagrant a much simpler solution came up: just don't vary the build path, instead use predictable build pathes like <code>/buildpath/linux-6.2.23</code></li>
+ </section>
+
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
<h2>Reproducible Builds Summits</h2>
<li>2015 Athens</li>
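Review bot: Four of the five bullets in the added "Common reasons for unreproducibilities" section end with an opening `<li>` instead of `</li>`; only "all the rest" is closed correctly. In the "build path variation" section, `<span class="fragment" Again.</span>` is missing the `>` after the class attribute, so "Again." is parsed as part of the tag and never shown as text. Suggest `</li>` on those four lines and `<span class="fragment"> Again.</span>`. While touching these lines, "pathes" should be "paths" in both sections.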
@@ -842,34 +860,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<p class="fragment">Finally: 96% is not good enough.</p>
</section>
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>Common reasons for unreproducibilities:</h2>
- <li class="fragment">timestamps, timestamps, timestamps<li>
- <li class="fragment">timestamps, timestamps, timestamps<li>
- <li class="fragment">build pathes, build pathes<li>
- <li class="fragment">all the rest</li>
- <li class="fragment">422 known issue types in reproducible-notes.git<li>
- </section>
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>SOURCE_DATE_EPOCH</h2>
- <li>who knows about SOURCE_DATE_EPOCH?</li>
- <li class="fragment">build time stamps are meaningless. SOURCE_DATE_EPOCH describes the time of the last modification of the source.</li>
- <li class="fragment">supported by <b>a lot</b> of software today.</li>
- <li class="fragment">show https://reproducible-builds.org/docs/source-date-epoch/</li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h2>build path variation</h2>
- <li>The solution is simple. But it took me almost 10 years to get there.<span class="fragment" Again."</span></li>
- <li class="fragment">First we tried to fix them. Still a valid and useful approach.</li>
- <li class="fragment">Then we quickly came up with a workaround: record the build path and do rebuilds in the same build path.</li>
- <li class="fragment">in April 2023 in a discussion with Vagrant a much simpler solution came up: just don't vary the build path, instead use predictable build pathes like <code>/buildpath/linux-6.2.23</code></li>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
- <h3>back to Debian again</h3>
- </section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%">
<h3>Debian unstable, 20230804</h3>
=====================================
2023-08-19-R-B-the-first-10-years/todo
=====================================
@@ -1,13 +1,15 @@
+main story points:
+ history
+ S_D_E
+ build path
+ funding
+ missing bits / future work
+
new todo:
incl emails?
incl S_D_E definition, no screenshots
- main story points:
- history
- S_D_E
- build path
- funding
- missing bits / future work
improve end / debian status
+ mv Debian up
mention financing, esp for summit!
say thanks to future and previous sponsors
funding: first LF, now an SFC project. I like the SFCs focus on freedom.
@@ -20,8 +22,6 @@ new todo:
update numbers for trixie
list 10 biggest blockers
or 23
- mention various unexpected r-b benefits: (one slide, already mentioned in various places) increased development speed, less developer time wasted on build results
- cleanup old todo, its a good script!
old TODO:
@@ -36,16 +36,12 @@ slide: but surely: the goal of this talk is
- think SBOM binary transparency merkel tree
- on a distro scale (say: "please do it with an r-b debian fork. hah, doesnt work because of the 97% only yet".)
-slide: r-b is now barely a teenie. I look forward to it being grown up, so in 8 years, I hope to be able to let it go.
slide: why? threat models
-slide: SOURCE_DATE_EPOCH 1.0 2015, 1.1 2017
slide" build path variation: 2023: don't do it. Bug#1034424: buildd.debian.org: Please use predictible build paths
(for Debian folks: no more build path variation in unstable)
slide: 2017: debian-policy: should
slide: fedora (show makro enabled thing)
slide: archlinux (mention: they are great. have rebuilders. pacman-bintrans a model for debian and everyone else.)
-slide: f-droid
- single apps reproducibililty not practical
slide: honorable mention: trisqel
slide: macos, windows, google android
slide: debian:
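Review bot: Removing `slide: SOURCE_DATE_EPOCH 1.0 2015, 1.1 2017` loses the 1.1 / 2017 detail, because the SOURCE_DATE_EPOCH slide added in index.html only says "specification from 2015". The `slide: f-droid` item and its sub-point are likewise removed without a matching slide in this commit. If both are dropped on purpose that is fine, otherwise keep them in the todo until they are covered. The unchanged line `slide" build path variation` has a stray `"` where the other entries use `:`, and "predictible" on the same line should be "predictable".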
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/684103f8f3bf21c15b353b8849ab8d6060dc3613