[Git][reproducible-builds/reproducible-presentations][master] 10 years r-b cccamp talk: wip, still too many pages
Holger Levsen (@holger)
gitlab at salsa.debian.org
Fri Aug 18 14:39:41 UTC 2023
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
6483c363 by Holger Levsen at 2023-08-18T16:39:29+02:00
10 years r-b cccamp talk: wip, still too many pages
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2023-08-19-R-B-the-first-10-years/index.html
- 2023-08-19-R-B-the-first-10-years/todo
Changes:
=====================================
2023-08-19-R-B-the-first-10-years/index.html
=====================================
@@ -866,21 +866,14 @@ Warpforge.
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Summary of reproducibility of various projects</h3>
- <ul>
- <p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident.</p>
- <p class="fragment">I call it reproducible in theory or in CI.</p>
- <p class="fragment">This is a <em>massive</em> success! This was thought impossible not long ago.</p>
- </ul>
+ <h3>Short overviews of various projects</h3>
</section>
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>results for Debian unstable, until 20230804</h3>
<img src="images/stats_pkg_state_20230804.png">
</section>
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Debian trixie, 20230804</h3>
<img src="images/stats_pkg_state_trixie_20230804.png">
@@ -934,6 +927,23 @@ Warpforge.
</ul>
</section>
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>100% reproducible is a politcal decision and nothing technical</h3>
+ <ul>
+ <li>Thus we need to change <code>debian-policy</code>!</li>
+ </ul>
+</section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>100% reproduciby in theory is not enough, by far.</h3>
+ <ul>
+ <li>Thus we need rebuilders.</li>
+ <li class="fragment">Thus we need a working <code>snapshot.debian.org</code> service.</li>
+ <li class="fragment">And then we need reproducible transparency logs and logic what to do when....</li>
+ <li class="fragment">And then we also need binary transparency logs (also because we haven't reached 100% yet).</li>
+ <li class="fragment">The above is true for all projects, not just Debian.</li>
+ </ul>
+ </section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
@@ -973,25 +983,18 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Summary of reproducibility of various projects, summarized again</h3>
+ <h3>Summary of various projects</h3>
<ul>
- <li>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident. I call it reproducible in theory or in CI.</li>
- <li>This is a huge success.</li>
- <li class="fragment">Next: make this accessable and usable for everyone.</li>
+ <p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident.</p>
+ <p class="fragment">I call it reproducible in theory or in CI.</p>
+ <p class="fragment">This is a <em>massive</em> success! This was thought impossible not long ago.</p>
</ul>
</section>
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <img src="images/ccc2014-13.png">
- </section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Theory vs Praxis</h3>
- <ul>
- <li>I used to say: 96% reproducibility is a lie. Or rather: 96% are CI results.</li>
- <li class="fragment">Now I like to say: in theory, we are done. In practice, we have shown that reproducible builds can be done in theory.</li>
- </ul>
+ <img src="images/ccc2014-13.png">
</section>
@@ -999,14 +1002,22 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Theory vs Praxis</h3>
<ul>
- <li>Rebuilding / reproducing Debian in practice also requires a working snapshot.debian.org service and we don't have this.</li>
+ <li>I used to say: 96% reproducibility is a lie. Or rather: 96% are CI results.</li>
+ <li class="fragment">Now I like to say: in theory, we are done. In practice, we have shown that reproducible builds can be done in theory.</li>
<li class="fragment">Then we also need many rebuilders and we need to store the results somewhere and we need to define criterias how tools should treat that data...</li>
- <li class="fragment">Those missing 5% are <b>one</b> reason why we are not done yet.<li>
<li class="fragment">Those missing 5% are crucial however, or at least 1% of them. For Debian, 1% means 300 softwares...</li>
</ul>
</section>
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Summary</h3>
+ <ul>
+ <li>Many projects support reproducible builds in theory today, but it's unclear what that means in practice and how users can know and be confident. I call it reproducible in theory or in CI.</li>
+ <li>This is a huge success.</li>
+ <li class="fragment">Next: make this accessable and usable for everyone.</li>
+ </ul>
+ </section>
=====================================
2023-08-19-R-B-the-first-10-years/todo
=====================================
@@ -1,15 +1,9 @@
last story points:
theory vs praxis:
- "theory" is easy (it was not! and it was a lot of work)
- binary transparency would be useful to bridge that gap
- and still needed with 100% r-b
getting 100% of the software to build reproducible is only maybe half the work needed...
debian next milestones
- realistically, 100% reproducible is a politcal decision and nothing technical.
commitment from Debian project to do it
-> policy changes
- working snapshot.d.o service
- -> requirement for rebuilder
list 10 biggest blockers?
archlinux next milestones
I dunno, I'm not even using Arch Linux ;)
@@ -23,5 +17,5 @@ new todo:
nice übergänge
$ grep -c 'section da' index.html
should not return 74 but 42 or rather less
- now at 65 :/
+ now at 67 :/
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/6483c3632844350b3361da87706050bcb6bb469c
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/6483c3632844350b3361da87706050bcb6bb469c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20230818/5f739058/attachment.htm>
More information about the rb-commits
mailing list