[Git][reproducible-builds/reproducible-presentations][master] SeaGL 2023-11-04: Beyond Trusting FOSS, rough draft...

Vagrant Cascadian (@vagrant) gitlab at salsa.debian.org
Tue Oct 31 20:40:57 UTC 2023



Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations


Commits:
de98bb9a by Vagrant Cascadian at 2023-10-31T13:40:00-07:00
SeaGL 2023-11-04: Beyond Trusting FOSS, rough draft...

- - - - -


12 changed files:

- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/Beyond-Trusting-FOSS.org
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/Makefile
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/beyond-trusting-foss.install
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/changelog
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/control
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/copyright
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/rules
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/source/format
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/diffoscope.png
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/reproducible-builds.png
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/try.diffoscope.org.png
- + 2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/vagrantupsidedown.png


Changes:

=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/Beyond-Trusting-FOSS.org
=====================================
@@ -0,0 +1,742 @@
+#+TITLE: Beyond Trusting FOSS
+#+AUTHOR: Vagrant Cascadian <vagrant at reproducible-builds.org>
+#+EMAIL: vagrant at reproducible-builds.org
+#+DATE: SeaGL 2023-11-04
+#+LANGUAGE:  en
+#+OPTIONS:   H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
+#+OPTIONS:   TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
+#+OPTIONS: ^:nil
+#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
+#+EXPORT_SELECT_TAGS: export
+#+EXPORT_EXCLUDE_TAGS: noexport
+#+startup: beamer
+#+LaTeX_CLASS: beamer
+#+LaTeX_CLASS_OPTIONS: [bigger]
+#+latex_header: \mode<beamer>{\usetheme{Madrid}}
+#+LaTeX_CLASS_OPTIONS: [aspectratio=169]
+#+BEGIN_comment
+https://osem.seagl.org/conferences/seagl2023/program/proposals/939
+Beyond Trusting FOSS
+
+Software released under a FOSS license and developed using an FOSS
+model come with many benefits, allowing the ability to use, study,
+change, and share not only the software itself, but similarly engage
+with a community around the software in a transparent manner.
+
+One of the strongest assertions of open-source software is that it is
+more secure, as many parties are able to independently inspect the
+code...
+
+Most code in the modern day is distributed as precompiled binary code,
+indistinguishable from gibberish to even very savvy humans; this makes
+the binary code largely impractical to audit. Blind trust is a
+frightening security model!
+
+Reproducible Builds provides a way to build trust that the binaries
+produced are the intended result of the source code, by making it
+possible for independent third-party verification of binaries to
+produce bit-for-bit identical binaries.
+
+This talk will introduce the concepts of Reproducible Builds,
+including best practices for developing and releasing software, the
+tools available to help diagnose issues, and touch on progress towards
+solving decades-old deeply pervasive fundamental security issues...
+
+Learn how to verify and demonstrate trust, rather than simply hoping
+everything is OK!
+
+https://reproducible-builds.org
+
+Date:
+    2023 November 4 - 12:00
+Duration:
+    30 min
+Room:
+    Room 4 
+Conference:
+    SeaGL 2023
+Language:
+Track:
+    Security and Privacy 
+Difficulty:
+    Introductory 
+#+END_comment
+
+* Who am I
+
+** image
+	:PROPERTIES:
+	:BEAMER_col: 0.4
+	:END:
+
+[[./images/vagrantupsidedown.png]]
+
+
+** text
+	:PROPERTIES:
+	:BEAMER_col: 0.4
+	:END:
+
+  |                     | Vagrant |
+  |---------------------+---------|
+  | debian user         |    2001 |
+  | debian developer    |    2010 |
+  | reproducible builds |    2015 |
+
+* Free and Open Source Software
+
+Free and Open Source Software
+
+#+ATTR_BEAMER: :overlay <+->
+- Use
+- Study
+- Change
+- Share
+- Community
+
+* Reproducible Builds
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.7
+    :END:
+
+https://reproducible-builds.org/docs/definition/
+
+\vspace{\baselineskip}
+
+A build is reproducible if given the same source code, build
+environment and build instructions, any party can recreate bit-by-bit
+identical copies of all specified artifacts.
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.3
+    :END:
+
+[[./images/reproducible-builds.png]]
+
+* Spelling it out
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.7
+    :END:
+
+Reproducible Builds provides...
+
+#+ATTR_BEAMER: :overlay <+->
+- strong confidence...
+- that a binary was produced from a given source...
+- ...probably!
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.3
+    :END:
+[[./images/reproducible-builds.png]]
+
+
+
+* Freedom to iterate
+
+Benefits of Reproducible Builds
+
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Security
+- Code refactoring
+- Build Caching
+
+* For example
+
+Debian
+
+#+ATTR_BEAMER: :overlay <+->
+- The Universal Operating System
+- ~34000 source packages ... and counting
+- 380 million lines of code ... and counting!
+- ~95% reproducible
+
+* diffocope
+
+https://diffoscope.org
+
+\vspace{\baselineskip}
+
+#+ATTR_BEAMER: :overlay <+->
+- Recursive and human-readable "diff"
+- locates and diagnoses reproducibility issues
+- used for analysing *why* something is reproducible!
+- *not* used for determining whether something is reproducible!
+
+* diffoscope example
+
+[[./images/diffoscope.png]]
+
+* diffoscope, supported file types
+
+Android APK files, Android boot images, Ar(1) archives, Berkeley DB database files, Bzip2 archives, Character/block devices, ColorSync colour profiles (.icc), Coreboot CBFS filesystem images, Cpio archives, Dalvik .dex files, Debian .buildinfo files, Debian .changes files, Debian source packages (.dsc), Device Tree Compiler blob files, Directories, ELF binaries, Ext2/ext3/ext4/btrfs filesystems, FreeDesktop Fontconfig cache files, FreePascal files (.ppu), Gettext message catalogues, GHC Haskell .hi files, GIF image files, Git repositories, GNU R database files (.rdb), GNU R Rscript files (.rds), Gnumeric spreadsheets, Gzipped files, ISO 9660 CD images, Java .class files, JavaScript files, JPEG images, JSON files, LLVM IR bitcode files, MacOS binaries, Microsoft Windows icon files, Microsoft Word .docx files, Mono 'Portable Executable' files, Ogg Vorbis audio files, OpenOffice .odt files, OpenSSH public keys, OpenWRT package archives (.ipk), PDF documents, PGP signed/encrypted messages, PNG images, PostScript documents, RPM archives, Rust object files (.deflate), SQLite databases, SquashFS filesystems, Statically-linked binaries, Symlinks, Tape archives (.tar), Tcpdump capture files (.pcap), Text files, TrueType font files, XML binary schemas (.xsb), XML files, XZ compressed files, etc.
+
+* try diffoscope
+
+https://diffoscope.org
+
+\vspace{\baselineskip}
+
+Available on many platforms:
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- Debian
+- Fedora
+- OpenSUSE
+- Archlinux
+- GNU Guix
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- NixOS
+- FreeBSD
+- NetBSD
+- Homebrew
+- PyPI
+
+* try diffoscope online
+
+And on the World Wide Web!
+
+https://try.diffoscope.org
+
+[[./images/try.diffoscope.org.png]]
+
+* Reprotest
+
+reprotest
+
+#+ATTR_BEAMER: :overlay <+->
+- builds something twice with many variations
+- https://salsa.debian.org/reproducible/reprotest
+- if unreproducible: "bisect" the variations
+
+* So you want to have Reproducible builds
+
+https://reproducible-builds.org/docs/recording/
+
+Providing sufficient information for independent verification:
+
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- "toolchain" packages at specific versions
+- SOURCE_DATE_EPOCH (seconds since 1970-01-01)
+- Works best with Free and Open Source Software!
+
+* To Catch a Regression
+
+Automatic Testing (Continuous Integration, Quality Assurance, etc.)
+
+* Forget Trust, Verify
+
+No need to Trust, All you need is:
+
+  #+ATTR_BEAMER: :overlay <+->
+- Free/Libre and Open Source Software
+- Reproducible Builds
+- Bootstrapping
+- Diverse compilation
+- ... and lots of compile cycles
+
+
+* Trust
+
+Different levels of trust:
+
+  #+ATTR_BEAMER: :overlay <+->
+- curl http://example.net/hackme | sudo sh
+- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+- download file, verify signature ... run code
+- download source, verify signature, compile from source
+- emerge --emptytree @world
+- rewrite everything in assembly
+- build it up from transitors
+- I have a beach, some wood, abundant sunshine, and a lot of time
+
+* Trusting Trust
+
+Ken Thompson
+
+Reflections on trusting trust, 1984
+
+https://archive.org/details/reflections-on-trusting-trust
+
+* The Moral of Trusting Trust
+
+"You can't trust code that you did not totally create yourself.
+
+(Especially code from companies that employ people like me.)
+
+No amount of source-level verification or scrutiny will protect you
+
+from using untrusted code." - Ken Thompson
+
+* Did I say 1984, I meant 1974
+
+Karger, 1974
+
+"... insert a trap door into the... compiler...
+
+the trap door can maintain itself,
+
+even when the compiler is recompiled"
+
+* Decades of Trust
+
+Since 1974
+
+  #+ATTR_BEAMER: :overlay <+->
+- 1984: Reflections on trusting trust
+- 1980s: some papers about compiling multiple times
+- 1990s ... usenet post mumbling about multiple compilers
+- 2000s: some more papers about compiling multiple times
+- 2005: Countering Trusting Trust through Diverse Double-Compiling
+- 2009: Fully Countering Trusting Trust through Diverse Double-Compiling
+- ... and some high profile compromises!
+
+* XcodeGhost or should we say Strawhorse?
+
+  XcodeGhost, 2015
+
+  #+ATTR_BEAMER: :overlay <+->
+- Modified version of Apple's Xcode
+- Over 4000 compromised apps
+
+* SolarWhat?
+
+  SolarWinds, 2020
+
+  #+ATTR_BEAMER: :overlay <+->
+- Compromised build server...
+- ...via weak and/or leaked passphrases
+- signing certificates compromised
+- possibly 18000 affected installations
+
+* The price of Trust
+
+What is the Price...
+
+of Trusting Trust?
+
+* Free and Open Source Software
+
+Free and Open Source Software
+
+#+ATTR_BEAMER: :overlay <+->
+- Use
+- Study
+- Change
+- Share
+- Community
+
+* Share what exactly
+
+Sharing FOSS...
+
+#+ATTR_BEAMER: :overlay <+->
+- source
+- binaries
+- files packaged for distribution
+
+* Where do binaries come from
+
+#+ATTR_BEAMER: :overlay <+->
+- Source code...
+- Transformed by a toolchain...
+- Into machine code
+
+* A taste of source
+
+from bash 5.0 assoc.c:
+
+#+BEGIN_SRC C
+assoc_insert (hash, key, value)
+     HASH_TABLE *hash;
+     char *key;
+     char *value;
+{
+  BUCKET_CONTENTS *b;
+
+  b = hash_search (key, hash, HASH_CREATE);
+  if (b == 0)
+    return -1;
+  /* If we are overwriting an existing element's value, we're not going to
+     use the key.  Nothing in the array assignment code path frees the key
+     string, so we can free it here to avoid a memory leak. */
+  if (b->key != key)
+    free (key);
+  FREE (b->data);
+  b->data = value ? savestring (value) : (char *)0;
+  return (0);
+}
+#+END_SRC
+
+* Building the software
+
+#+BEGIN_SRC shell
+./configure
+make
+make install
+#+END_SRC
+
+* A resulting binary might look like
+
+#+BEGIN_SRC shell
+
+$ head /bin/bash
+ELF&@@8 @@88TTTDDPtdDDQtdRtd0<0</lib/ld-linux-aarch64.so.1GNUy;OġUQGNU 04
+                                                                          #!JzdAPDDB D  @AJ!Ih at i"r
+NL@@@AB
+0Iq(h   @(
+          H &RD!D
+                    $DP`
+ @A4 at ABf L0 dPCDDBE % 32BX at TD$
+ @A%
+
+!0`0@@bBh
+         HBH
+Xq@ Y       `1B
+BdH(0"BB1@
+          2
+ s0 "Bi$DF0"B 6)4$
+=HdL at 0( 0D at kBDQH`$yh@(>5R @!% PH
+b
+RAbN at P@L.<:B@&
+              JFD08 `
+                     p0D@`
+                           H`P30
+                                 BL 9E4( B
+#+END_SRC
+
+* Reproducible Builds
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.7
+    :END:
+
+https://reproducible-builds.org/docs/definition/
+
+\vspace{\baselineskip}
+
+A build is reproducible if given the same source code, build
+environment and build instructions, any party can recreate bit-by-bit
+identical copies of all specified artifacts.
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.3
+    :END:
+
+[[./images/reproducible-builds.png]]
+
+* Spelling it out
+
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.7
+    :END:
+
+Reproducible Builds provides...
+
+#+ATTR_BEAMER: :overlay <+->
+- strong confidence...
+- that a binary was produced from a given source...
+- ...probably!
+
+** image
+    :PROPERTIES:
+    :BEAMER_col: 0.3
+    :END:
+[[./images/reproducible-builds.png]]
+
+* Once upon a time
+
+#+ATTR_BEAMER: :overlay <+->
+- Historically software was reproducible! Every bit counted.
+- Things eventually got more complicated...
+- Bit for bit reproducible GNU toolchain in the early 90s on 10(?) architectures.
+- *And we all forgot.*
+- In 2011 and 2012, Bitcoin and Torbrowser were made reproducible...
+
+* Enter Debian
+
+In 2013 folks explore reproducibility for all of Debian
+
+* Status in Debian
+
+Debian
+
+  #+ATTR_BEAMER: :overlay <+->
+- ~34000 source packages
+- ~95% reproducible
+- in theory...
+- many submitted patches
+
+* Debian: gcc and binutils
+
+gcc and binutils
+
+  #+ATTR_BEAMER: :overlay <+->
+- test suite logs
+- PGO (Profile Guided Optimiziation)
+- LTO (Link Time Optimization)
+
+* Debian: linux
+
+linux
+
+  #+ATTR_BEAMER: :overlay <+->
+- documentation randomness
+- other unidentified issues
+- fixes available
+  https://bugs.debian.org/1033663
+  https://salsa.debian.org/kernel-team/linux/-/merge_requests/741
+- well, partial fixes, anyways...
+
+* Debian: libzstd
+
+libzstd
+
+- recent regression
+
+* Status in Guix
+
+GNU Guix
+
+#+ATTR_BEAMER: :overlay <+->
+- ~87% reproducible
+- in practice!
+- 21594 Reproducible!
+- 1559 Unreproducible...
+- 1692 Unknown...
+
+* Guix made for success
+
+GNU Guix
+
+#+ATTR_BEAMER: :overlay <+->
+- reproducible by design
+- normalized build environment
+- guix challenge
+- two build farms to compare against
+
+* Arch Linux
+
+Arch Linux
+
+https://reproducible.archlinux.org/
+
+#+ATTR_BEAMER: :overlay <+->
+- ~14000 packages
+- ~86% reproducible
+- in practice!
+
+* But wait, there is more!
+
+#+ATTR_BEAMER: :overlay <+->
+- NetBSD 84%
+- OpenWRT 96%-100%
+- Coreboot 100%
+- NixOS 95%-99.7%
+- Yocto 99.98%
+- openEuler 96%
+- openSUSE mostly reproducible (caveats apply)
+
+* We miss you!
+
+We once had testing for...
+
+- Alpine
+- Fedora
+
+* I am not picky about the color of your hat
+
+Wishlist based on current events...
+
+- AlmaLinux
+- Rocky Linux
+
+* Proof Pudding
+
+Reproducible Builds is totally possible...
+
+...But it only provides one strong link in a chain
+
+* Building on a solid foundation of turtles
+
+  https://bootstrappable.org
+
+Compiling your C compiler with a C compiler
+
+And a C compiler to compile the other C compiler
+
+...Ad infinitum
+
+* Java bootstrap
+
+Java bootstrapping
+
+  #+ATTR_BEAMER: :overlay <+->
+- openjdk17 needs...
+- openjdk16 which needs...
+- ...
+- openjdk9 ... etc.
+
+* Rust bootstrap
+
+Rust bootstrapping
+
+  #+ATTR_BEAMER: :overlay <+->
+- rust 1.64 needs...
+- rust 1.63 which needs...
+- ...
+- rust 1.54 can be built with mrustc
+- mrustc is written in C++
+
+* Diverse Double Compiling
+
+David A. Wheeler
+
+Fully Countering Trusting Trust through Diverse Double-Compiling, 2009
+
+https://dwheeler.com/trusting-trust/dissertation/html/wheeler-trusting-trust-ddc.html
+
+* A beautiful Mes
+
+GNU Mes is a Scheme interpreter and C compiler for bootstrapping the GNU System.
+
+https://www.gnu.org/software/mes/
+
+* We made the same Mes
+
+Bit-for-bit identical Mes built on three different distributions
+
+https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-of-mes-c-compiler/
+
+* Beginning with a Mes
+
+GNU Guix: The Reduced Binary Seed Bootstrap
+
+https://guix.gnu.org/en/manual/devel/en/guix.html#Reduced-Binary-Seed-Bootstrap
+  #+ATTR_BEAMER: :overlay <+->
+- ...
+- Reduced to 145MB of bootstrap binaries (from 250MB)
+- Using Mes and guile...
+- Builds from source GCC, binutils, glibc, etc.
+- 145MB of binaries is still not really auditable...
+
+* Before The Mes and Beyond
+
+  GNU Guix: The Full-Source Bootstrap
+
+https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/
+
+  Now available via guix pull!
+
+  #+ATTR_BEAMER: :overlay <+->
+- hex0 (357-byte binary)
+- hex1
+- M0
+- hex2
+- M1
+- mescc-tools
+- M2-Planet
+- Mes
+- TinyCC (patched)
+- old versions of GCC, binutils, glibc, gzip, tar ...
+- modern GCC and everything
+
+* Make it live
+
+  https://github.com/fosslinux/live-bootstrap
+
+  #+ATTR_BEAMER: :overlay <+->
+- A live environment
+- From kernel and a bit of source code
+- To a reproducibly bootstrapped toolchain
+- no pregenerated "source" code shortcuts
+
+* UEFI based bootstrap
+
+Work-in-progress UEFI bootstrap
+
+https://git.stikonas.eu/andrius/stage0-uefi
+
+Only stage0...
+
+* Bare Metal Bootstrap
+
+Stage0 on Bare Metal?
+
+https://git.savannah.nongnu.org/cgit/stage0.git/tree/
+
+* architectures
+
+Full bootstrap only available on x86
+
+...x86 toolchain can then cross-compile to x86_64
+
+* architectures in progress
+- arm
+- riscv64
+- powerpc64le or powerpc64el
+
+* Freedom in your bits and bytes
+
+Free/Libre and Open Source Software
+
+Allows arbitrary third-party verification
+
+
+  
+* Make it happen
+
+https://reproducible-builds.org/contribute/
+
+* Keeping the lights on
+
+https://reproducible-builds.org/donate/
+
+* Thanks
+
+https://reproducible-builds.org/who/sponsors/
+
+Open Technology Fund
+
+Civil Infrastructure Platform
+
+Mullvad VPN
+
+Protocol Labs
+
+* Copyright and attributions
+\addtocounter{framenumber}{-1}
+\tiny
+
+  Copyright 2019-2023 Vagrant Cascadian <vagrant at reproducible-builds.org>
+  Portions by contributors to the reproducible-builds.org website.
+
+  Copyright 2019 Holger Levsen <holger at layer-acht.org>
+
+  This work is licensed under the Creative Commons
+  Attribution-ShareAlike 4.0 International License.
+
+  To view a copy of this license, visit
+  https://creativecommons.org/licenses/by-sa/4.0/


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/Makefile
=====================================
@@ -0,0 +1,16 @@
+# thanks to dima for walking me through this!
+#
+# needs: apt install emacs texlive-latex-extra texlive-plain-generic
+
+export FORCE_SOURCE_DATE = 1
+export SOURCE_DATE_EPOCH := $(shell date --utc --date '2023-11-04 12:00:00 -0700' +%s)
+
+all: $(patsubst %.org,%.pdf,$(wildcard *.org))
+
+%.pdf: %.org
+	emacs -Q --batch --eval '(progn (random "0") (find-file "$<") (org-beamer-export-to-pdf))'
+
+clean:
+	rm -f *.pdf *.tex *.png
+
+.PHONY:clean


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/beyond-trusting-foss.install
=====================================
@@ -0,0 +1 @@
+Beyond-Trusting-FOSS.pdf /usr/share/doc/beyond-trusting-foss/


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/changelog
=====================================
@@ -0,0 +1,5 @@
+beyond-trusting-foss (2023.11.14+seagl~1) UNRELEASED; urgency=medium
+
+  * Presented at SeaGL 2023.
+
+ -- Vagrant Cascadian <vagrant at reproducible-builds.org>  Tue, 31 Oct 2023 13:04:22 -0700


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/control
=====================================
@@ -0,0 +1,17 @@
+Source: beyond-trusting-foss
+Section: doc
+Priority: optional
+Maintainer: Vagrant Cascadian <vagrant at reproducible-builds.org>
+Build-Depends: debhelper-compat (=13),
+ emacs,
+ emacs-nox,
+ texlive-latex-extra,
+ texlive-plain-generic,
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+Homepage: https://osem.seagl.org/conferences/seagl2023/program/proposals/939
+
+Package: beyond-trusting-foss
+Architecture: all
+Depends: ${misc:Depends}, ${shlibs:Depends},
+Description: Beyond Trusting FOSS


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/copyright
=====================================
@@ -0,0 +1,14 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Reproducible Builds All The Way Down
+Source: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/tree/master/2023-04-11-SeaGL-Beyond-Trusting-FOSS/
+
+Files: *
+Copyright: 2019-2023 Vagrant Cascadian <vagrant at reproducible-builds.org>
+License: cc-by-sa-4.0
+
+License:
+  This work is licensed under the Creative Commons
+  Attribution-ShareAlike 4.0 International License.
+  .
+  To view a copy of this license, visit
+  https://creativecommons.org/licenses/by-sa/4.0/


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/rules
=====================================
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/debian/source/format
=====================================
@@ -0,0 +1 @@
+3.0 (native)


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/diffoscope.png
=====================================
Binary files /dev/null and b/2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/diffoscope.png differ


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/reproducible-builds.png
=====================================
Binary files /dev/null and b/2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/reproducible-builds.png differ


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/try.diffoscope.org.png
=====================================
Binary files /dev/null and b/2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/try.diffoscope.org.png differ


=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/vagrantupsidedown.png
=====================================
Binary files /dev/null and b/2023-11-04-SeaGL-Beyond-Trusting-FOSS/images/vagrantupsidedown.png differ



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/de98bb9abacd5e8797a81372b0be37cc853f070e

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/de98bb9abacd5e8797a81372b0be37cc853f070e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20231031/b3497395/attachment.htm>


More information about the rb-commits mailing list