[Git][reproducible-builds/reproducible-website][master] 2023-08: small fixes, += https://github.com/serde-rs/serde/pull/2590

FC (Fay) Stegerman (@obfusk) gitlab at salsa.debian.org
Wed Sep 6 22:36:05 UTC 2023 


FC (Fay) Stegerman pushed to branch master at Reproducible Builds / reproducible-website


Commits:
d90345ca by FC Stegerman at 2023-09-07T00:35:46+02:00
2023-08: small fixes, += https://github.com/serde-rs/serde/pull/2590

- - - - -


1 changed file:

- _reports/2023-08.md


Changes:

=====================================
_reports/2023-08.md
=====================================
@@ -19,11 +19,11 @@ The motivation behind the reproducible builds effort is to ensure no flaws have
 
 ## News
 
-[Bleeping Computer](https://www.bleepingcomputer.com/about/) reported that [Serde](https://serde.rs/), a popular Rust serialization framework, has [decided to ship its `serde_derive` macro as a precompiled binary](https://www.bleepingcomputer.com/news/security/rust-devs-push-back-as-serde-project-ships-precompiled-binaries/). As [Ax Sharma](https://www.bleepingcomputer.com/author/ax-sharma/) writes:
+[Bleeping Computer](https://www.bleepingcomputer.com/about/) reported that [Serde](https://serde.rs/), a popular Rust serialization framework, had [decided to ship its `serde_derive` macro as a precompiled binary](https://www.bleepingcomputer.com/news/security/rust-devs-push-back-as-serde-project-ships-precompiled-binaries/). As [Ax Sharma](https://www.bleepingcomputer.com/author/ax-sharma/) writes:
 
 > The move has generated a fair amount of push back among developers who worry about its future legal and technical implications, along with a **potential for supply chain attacks, should the maintainer account publishing these binaries be compromised**.
 
-[More info](https://www.bleepingcomputer.com/news/security/rust-devs-push-back-as-serde-project-ships-precompiled-binaries/).
+After [intensive discussions](https://github.com/serde-rs/serde/issues/2538), use of the precompiled binary [was phased out](https://github.com/serde-rs/serde/pull/2590).
 
 <br>
 
@@ -87,11 +87,11 @@ Rahul Bajaj updated our website to add a series of environment variations relate
 
 [![]({{ "/images/reports/2023-08/diffoscope.png#right" | relative_url }})](https://diffoscope.org)
 
-In [*diffoscope*](https://diffoscope.org) development this month, versions `247`, `248` and `249` were uploaded to Debian *unstable* by Chris Lamb, who also added documentation for the new `specialize_as` method and expanding the documentation of the existing `specialize` as well [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1f8d9e17)]. In addition, FC Stegerman added an optimisation for `.smali` comparisons in Android `.APK` files [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fe513c02)], Felix Yan corrected typos in `diffoscope/presenters/utils.py` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/bf334e1d)], Greg Chabala merged the RUN commands into single layer in the package's `Dockerfile` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0798a2d1)] and Roland Clobus updated tool descriptions to mark that the `xb-tool` has moved package within Debian [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/18f764f3)].
+In [*diffoscope*](https://diffoscope.org) development this month, versions `247`, `248` and `249` were uploaded to Debian *unstable* by Chris Lamb, who also added documentation for the new `specialize_as` method and expanding the documentation of the existing `specialize` as well [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1f8d9e17)]. In addition, Fay Stegerman added an optimisation for `.smali` comparisons in Android `.apk` files [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fe513c02)], Felix Yan corrected typos in `diffoscope/presenters/utils.py` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/bf334e1d)], Greg Chabala merged the RUN commands into single layer in the package's `Dockerfile` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0798a2d1)] and Roland Clobus updated tool descriptions to mark that the `xb-tool` has moved package within Debian [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/18f764f3)].
 
 <br>
 
-[*reprotest*](https://salsa.debian.org/reproducible-builds/reprotest) is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, Vagrant Cascadian updated the packaging to be compatible with [Tox](https://tox.wiki/en/latest/index.html) version 4. This was originally filed as Debian bug [#1042918](https://bugs.debian.org/1042918) and Holger Levsen uploaded this to change to Debian *unstable* as version 0.7.26 [[…]](https://tracker.debian.org/news/1450119/accepted-reprotest-0726-source-into-unstable/)].
+[*reprotest*](https://salsa.debian.org/reproducible-builds/reprotest) is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, Vagrant Cascadian updated the packaging to be compatible with [Tox](https://tox.wiki/en/latest/index.html) version 4. This was originally filed as Debian bug [#1042918](https://bugs.debian.org/1042918) and Holger Levsen uploaded this to change to Debian *unstable* as version 0.7.26 [[…](https://tracker.debian.org/news/1450119/accepted-reprotest-0726-source-into-unstable/)].
 
 <br>
 
@@ -107,6 +107,8 @@ In Debian, 28 reviews of Debian packages were added, 14 were updated and 13 were
 
 In August, F-Droid added 25 new reproducible apps and saw 2 existing apps switch to reproducible builds, making 191 apps in total that are published with Reproducible Builds and using the upstream developer's signature. [[…](https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/reproducible/overview.md)]
 
+<br>
+
 [![]({{ "/images/reports/2023-08/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
 
 Bernhard M. Wiedemann published another [monthly report about reproducibility within openSUSE](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/PZVK36KUEDRUSVSUP6KILC5NZPBKZ2VT/).



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/d90345cac26dbd7cd26d1abc748edd49d5723434

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/d90345cac26dbd7cd26d1abc748edd49d5723434
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20230906/f14d4c3e/attachment.htm>

More information about the rb-commits mailing list