[Git][reproducible-builds/reproducible-presentations][master] 2 commits: 10 years r-b cccamp talk: further wip
Holger Levsen (@holger)
gitlab at salsa.debian.org
Thu Aug 17 14:40:39 UTC 2023
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
e783f500 by Holger Levsen at 2023-08-17T16:34:52+02:00
10 years r-b cccamp talk: further wip
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
35914b2b by Holger Levsen at 2023-08-17T16:40:28+02:00
10 years r-b cccamp talk: final wip for today
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2023-08-19-R-B-the-first-10-years/index.html
- 2023-08-19-R-B-the-first-10-years/todo
Changes:
=====================================
2023-08-19-R-B-the-first-10-years/index.html
=====================================
@@ -733,7 +733,7 @@ And the idea is also much older than 10 years...
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h2>Detour: unexpected benefits of reproducible builds</h2>
- <li class="fragment">Lower development costs and increased development speed through less developer time wasted on build results.</li>
+ <li class="fragment">Lower development costs and increased development speed through less developer time wasted on waiting for builds.</li>
<li class="fragment">Licence compliance: you can only be sure a binary is Free Software if it can be (re-)built reproducibly from a given source.</li>
<li class="fragment">Software development: does this change really have no effect / the desired effect only?</li>
</section>
@@ -852,45 +852,6 @@ Warpforge.
</p>
</section>
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Debian trixie, 20230804</h3>
- <img src="images/stats_pkg_state_trixie_20230804.png">
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h4>https://beta.tests.reproducible-builds.org/debian</h4>
- <img src="images/bookworm_full.amd64+all.png">
-
- </section>
-
-
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Theory vs Praxis</h3>
- <p>I used to say: 96% reproducibility is a lie. Or rather: 96% are CI results.</p>
- <p class="fragment">Now I like to say: in theory, we are done. In practice, we have shown that reproducible builds can be done in theory.</p>
- </section>
-
-
-
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <img src="images/ccc2014-13.png">
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Theory vs Praxis</h3>
- <ul>
- <li>Those missing 5% are <b>one</b> reason why we are not done yet.<li>
- <li class="fragment">Those missing 5% are crucial however, or at least 1% of them. For Debian, 1% means 300 softwares...</li>
- <li class="fragment">Rebuilding / reproducing Debian in practice also requires a working snapshot.debian.org service and we don't have this.</li>
- <li class="fragment">once we have that, we need many rebuilders like beta.tests.reproducible.org and we need to store the results somewhere and we need to define criterias how tools should treat that data...</li>
-
- </ul>
- </section>
-
-
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects (AIUI)</h3>
<ul class="fragment">Tails: "easy", pragmatically "solved" but not systematically...
@@ -925,6 +886,20 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
</ul>
</section>
+
+
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Debian trixie, 20230804</h3>
+ <img src="images/stats_pkg_state_trixie_20230804.png">
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h4>https://beta.tests.reproducible-builds.org/debian</h4>
+ <img src="images/bookworm_full.amd64+all.png">
+
+ </section>
+
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Summary of reproducibility of various projects</h3>
<p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident.</p>
@@ -936,7 +911,29 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <img src="images/ccc2014-13.png">
+ </section>
+
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Theory vs Praxis</h3>
+ <p>I used to say: 96% reproducibility is a lie. Or rather: 96% are CI results.</p>
+ <p class="fragment">Now I like to say: in theory, we are done. In practice, we have shown that reproducible builds can be done in theory.</p>
+ </section>
+
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Theory vs Praxis</h3>
+ <ul>
+ <li>Those missing 5% are <b>one</b> reason why we are not done yet.<li>
+ <li class="fragment">Those missing 5% are crucial however, or at least 1% of them. For Debian, 1% means 300 softwares...</li>
+ <li class="fragment">Rebuilding / reproducing Debian in practice also requires a working snapshot.debian.org service and we don't have this.</li>
+ <li class="fragment">once we have that, we need many rebuilders like beta.tests.reproducible.org and we need to store the results somewhere and we need to define criterias how tools should treat that data...</li>
+
+ </ul>
+ </section>
@@ -1016,8 +1013,9 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
Thank you
<br><small>… and all the contributors out there!</small>
</h3>
- <p class="fragment">Do you think reproducible builds should happen?<br> If so, please help.<br />We need your help.</p>
- <p class="fragment"><em>I still haven't found what I'm looking for <br> but I'm confident we'll get there, eventually!</em></p>
+ <p class="fragment">Do you think reproducible builds should happen?<br> If so, please help. We need your help and support.</p>
+ <p class="fragment">The goals of this talk were: to get you informed, excited & involved. And to explain that a lot of work and support is still needed, despite all the success so far! We are still far from being done. </p>
+
<h3>
<small>Holger Levsen <holger at debian.org><br>
B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C</small>
=====================================
2023-08-19-R-B-the-first-10-years/todo
=====================================
@@ -1,4 +1,9 @@
main story points:
+ improve end part, after summit slides
+ add funding
+ update debian stats, shorten existing debian slides at end
+ move goals from thanks to beginning! instead of "my talk" disclaimer
+
100% reproducible is a politcal task, not technical.
getting 100% of the software to build reproducible is only maybe half the work needed...
distro status:
@@ -22,11 +27,9 @@ main story points:
new todo:
nice übergänge
- incl S_D_E definition, no screenshots
- maybe
$ grep -c 'section da' index.html
should not return 74 but 42 or rather less
- now at 71 /o\
+ now at 64 :/
verifiable SBOMs!
http://v-s.d.n
someone please write a converter
@@ -42,9 +45,6 @@ old TODO:
- slide?: bootstrapable.org - this is limited to software. reproducible hardware & free & reproducible firmware...
-slide: but surely: the goal of this talk is
- - to get you excited & involved &|| caring and thus supportive
- the future is unwritten, much needs be done still
- recap what we have done, celebrate 10y of awesomeness
- so yeah, there's still a lot to be done after 100% which will make a UI obsolete
- on a distro scale (say: "please do it with an r-b debian fork. hah, doesnt work because of the 97% only yet".)
@@ -55,9 +55,6 @@ stretch/arm64 24719 22819 / 92.3% 1292 / 5.2% 277 / 1.1% 10 / 0.0
stretch/armhf 24719 22108 / 89.4% 2026 / 8.2% 193 / 0.8% 26 / 0.1% 119 / 0.5% 231 / 0.9% 16 / 0.1%
stretch/i386 24719 22488 / 91.0% 1985 / 8.0% 130 / 0.5% 7 / 0.0% 32 / 0.1% 76 / 0.3% 1 / 0.0%
-slide: recap: .buildinfo files / SBOM
- recorded or predictable/static buildpath
- (for Debian folks: no more build path variation in unstable)
slide: SBOMs are nothing new, we know them since 2014 or so.
verified SBOMs are cool: = have been used to verify = reproduce a build
slide: trixie, forky & probably 2 more until 100% reproducible Debian stable.
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/16b3cf737d0a2212008215db141cda077d11b0c9...35914b2b1da63d330846f3bfbe2a28e4724d9d5f
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/16b3cf737d0a2212008215db141cda077d11b0c9...35914b2b1da63d330846f3bfbe2a28e4724d9d5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20230817/68778e14/attachment.htm>
More information about the rb-commits
mailing list