[Git][reproducible-builds/reproducible-presentations][master] 10 years r-b cccamp talk: final polishing, maybe

Holger Levsen (@holger) gitlab at salsa.debian.org
Sat Aug 19 13:12:49 UTC 2023



Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations


Commits:
d4fd0d64 by Holger Levsen at 2023-08-19T15:12:36+02:00
10 years r-b cccamp talk: final polishing, maybe

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- 2023-08-19-R-B-the-first-10-years/index.html


Changes:

=====================================
2023-08-19-R-B-the-first-10-years/index.html
=====================================
@@ -568,7 +568,7 @@
 
 
       <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
-        <h3>Our solution</h3>
+        <h3>Our mission</h3>
         <ul>
           <li class="fragment">Enable anyone to independently verify that a given source produces bit by bit identical results.</li>
           <li class="fragment">Reproducible Builds are an important building block in making supply chains more secure. Nothing more, nothing less.</li>
@@ -578,10 +578,9 @@
 
       <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
 	<ul>
-        <li> By 2023 Reproducible Builds has been widely and largly understood:
+        <li> By 2023 Reproducible Builds has been widely understood:
 		<br><span class="fragment" style="font-size: 100%">https://reproducible-builds.org/resources/
 	<br>https://reproducible-builds.org/docs/
-	<br>https://reproducible-builds.org/docs/source-date-epoch/
 <br>https://reproducible-builds.org/docs/publications/</span></li>
 	<li><span class="fragment" style="font-size: 70%">https://www.whitehouse.gov/briefing-room/statements-releases/2021/06/08/...</span></li>
      	<ul class="fragment" style="font-size: 70%">
@@ -634,7 +633,7 @@
 	<li class="fragment">another BoF at DebConf14</li>
 	<li class="fragment">patches for <code>dpkg</code>: sorting fixes and .buildinfo files (SBOM!)</li>
 	<li class="fragment">in September 2014 I started systematic builds of Debian packages, twice. First just 100 packages, than all of them.</li>
-	<li class="fragment">Mike Perry and Seth Schoen gave that presentation at CCCongress in December 2014 showing "my" graphs. Wow.</li>
+	<li class="fragment">Mike Perry and Seth Schoen gave a presentation at CCCongress in December 2014 showing "my" graphs. Wow.</li>
 	</ul>
 	</section>
 
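Review bot: The unchanged item just above the edited line still reads "First just 100 packages, than all of them."; "than" should be "then". Since this commit is a wording polish of the same list, fix it in the same pass.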
@@ -768,9 +767,10 @@
       <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
         <h2>SOURCE_DATE_EPOCH</h2>
 	<ul>
-	<li>who knows about SOURCE_DATE_EPOCH?</li>
-	<li class="fragment">build time stamps are meaningless. SOURCE_DATE_EPOCH describes the time of the last modification of the source.</li>
-	<li class="fragment">specification from 2015, supported by <b>a lot</b> of software today.</li>
+	<li>Who knows about SOURCE_DATE_EPOCH?</li>
+	<li class="fragment">Build time stamps are meaningless. SOURCE_DATE_EPOCH describes the time of the last modification of the source (in seconds since the Unix epoch).</li>
+	<li class="fragment">Supported by <b>a lot</b> of software today.</li>
+	<li class="fragment">The specification is from 2015 and was updated in 2017.
 	<li class="fragment">https://reproducible-builds.org/docs/source-date-epoch/</li>
 	</ul>
 	</section>
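Review bot: The added item "The specification is from 2015 and was updated in 2017." has no closing `</li>`, unlike every other item in this list. Browsers will close it implicitly, but add the `</li>` so the markup stays consistent and validators or slide tooling do not trip over it.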
@@ -948,7 +948,17 @@ Warpforge.
 	<ul>
     	<li>2017: packages <em>should</em> build reproducibly.</li>
     	<li class="fragment">2023? reproducible packages <em>must not</em> regress.</li>
-    	<li class="fragment">2025? packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and <code>stable</code>.</li>
+    	<li class="fragment">2025? NEW packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and <code>stable</code>.</li>
+    	<li class="fragment">2027? packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and <code>stable</code>.</li>
+	</ul>
+      </section>
+
+      <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+        <h2>Debian policy</h2>
+	<ul>
+    	<li>2017: packages <em>should</em> build reproducibly.</li>
+    	<li>2023? reproducible packages <em>must not</em> regress. NEW packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and <code>stable</code>.</li>
+    	<li>2025? packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and <code>stable</code>.</li>
 	</ul>
       </section>
 
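Review bot: The two "Debian policy" lists now give different years for the same milestones: the first puts NEW packages at 2025? and all packages at 2027?, while the added second slide puts NEW packages at 2023? and all packages at 2025?. If these are meant as alternative timelines, label them as such or keep only one, otherwise the audience sees two conflicting roadmaps back to back. Separately, every "(to be allowed into <code>testing</code> and <code>stable</code>." item, old and new, is missing its closing parenthesis before the full stop.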
@@ -1005,8 +1015,10 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
 	<li class="fragment">Alpine: basic support.</li>
         <li class="fragment">FreeBSD/NetBSD/OpenBSD: basic support.</li>
         <li class="fragment">Fedora/Redhat/Ubuntu: not interested it seems.</li>
-        <li class="fragment">though Fedora 38 (April 2023) enabled clamping mtimes of package files using SOURCE_DATE_EPOCH from changelog</li>
+	<ul>
+        <li class="fragment">though Fedora 38 (April 2023) enabled clamping mtimes of package files using SOURCE_DATE_EPOCH from changelog when building packages.</li>
         </ul>
+	</ul>
      </section>
 
       <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
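Review bot: The added `<ul>` is a direct child of the outer `<ul>`, because the "Fedora/Redhat/Ubuntu: not interested it seems." item is already closed with `</li>` before it. Only `<li>` elements are valid children of `<ul>`, so move that `</li>` to after the inner `</ul>` so the Fedora 38 note is nested inside the item it qualifies. The new `<ul>` and `</ul>` lines are also tab-indented while their neighbours use spaces.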
@@ -1042,7 +1054,8 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
    	<li>Many projects support reproducible builds in theory today, but it's unclear what that means in practice and how users can know and be confident.</li>
 	<li>This is a huge success.</li>
 	<li class="fragment">Next: finish those last 1-5% upstream.</li>
-	<li class="fragment">Next: create infrastrcutures for rebuilders in practice.</li>
+	<li class="fragment">Next: create infrastructure of rebuilders in practice.</li>
+	<li class="fragment">Next: create infrastructure, processes and tools to securely use those results...</li>
 	<li class="fragment">Next: project-level consensus and commitment to reproducible builds in practice.</li>
 	</ul>
      </section>



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/d4fd0d642f8ce962cddffe8df553ddb3d02427a0
