[Git][reproducible-builds/reproducible-presentations][master] fosdem 2024: more wip
Holger Levsen (@holger)
gitlab at salsa.debian.org
Fri Feb 2 13:36:49 UTC 2024
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
cb0afa82 by Holger Levsen at 2024-02-02T14:35:47+01:00
fosdem 2024: more wip
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2024-02-03-R-B-the-first-10-years/index.html
- 2024-02-03-R-B-the-first-10-years/todo
Changes:
=====================================
2024-02-03-R-B-the-first-10-years/index.html
=====================================
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8">
- <title>Reproducible Builds - the first ten years</title>
+ <title>Reproducible Builds - the first ten years and beyond</title>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
@@ -125,10 +125,15 @@
<body>
<div class="reveal">
<div class="slides">
+
+ <section data-background-color="white">
+ <img class="fragment" src="images/fosdem2014-1.png" width="100%">
+ </section>
+
<section>
<br>
<h3>
- Reproducible Builds, <br>the first ten years
+ Reproducible Builds, <br>the first ten years and beyond!
</h3>
<br>
<img src="images/reprobuilds-display.jpeg" style="height: 220px; border-radius: 10px;">
@@ -137,7 +142,8 @@
<h6>
<small>
Holger Levsen<br>
- FOSDEM 2024
+ FOSDEM 2024<br>
+ 2024-02-03, Brussels
</small>
</h6>
<img src="images/FOSDEM_logo.svg" style="height: 70px;">
@@ -168,7 +174,7 @@
<section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>people working on this - so far & TTBOMK</h3>
+ <h3>people working on this - TTBOMK</h3>
<!-- taken from website.git/_data/contributors.yml -->
<p style="font-size: 42%">
@@ -252,6 +258,7 @@
• Jakub Wilk
• James Fenn
• Jan Nieuwenhuizen
+ • Jan-Benedict Glaw
• Javier Jardón
• Jelle van der Waa
• Jelmer Vernooij
@@ -347,7 +354,7 @@
</section>
<section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>contributors according to website.git/_data/contributors.yml</em></h3>
+ <h3>according to website.git/_data/contributors.yml</em></h3>
<!-- taken from website.git/_data/contributors.yml -->
<p style="font-size: 66%">
@@ -434,6 +441,7 @@
• Jakub Wilk
• James Fenn
• Jan Nieuwenhuizen
+ • Jan-Benedict Glaw
• Javier Jardón
• Jelle van der Waa
• Jelmer Vernooij
@@ -568,6 +576,24 @@
<h2>Ancient history (>10 years ago)</h2>
<ul>
<li class="fragment">Thread on debian-devel at lists.debian.org from 2007. Deemed undoable by many.</li>
+ </ul>
+ </section>
+
+
+ <section data-background-color="white" data-transition="none">
+ <img class="fragment" src="images/fosdem2014-3.png" width="100%">
+ </section>
+ <section data-background-color="white" data-transition="none">
+ <img class="fragment" src="images/fosdem2014-4.png" width="100%">
+ </section>
+ <section data-background-color="white" data-transition="none">
+ <img class="fragment" src="images/fosdem2014-5.png" width="100%">
+ </section>
+
+ <section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h2>Ancient history (>10 years ago)</h2>
+ <ul>
+ <li>Thread on debian-devel at lists.debian.org from 2007. Deemed undoable by many.</li>
<li class="fragment">Though the idea initially appeared in 2000 on debian-devel at l.d.o.</li>
<li class="fragment">And then in 2017 we learned from John Gilmore on rb-general at lists.reproducible-builds.org that GCC was reproducible in the early 1990s on several architectures!</li>
</ul>
@@ -594,11 +620,22 @@
<img class="fragment" src="images/logo.png" width="584">
</section>
-
<section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Our mission</h3>
<ul>
<li class="fragment">Enable anyone to independently verify that a given source produces bit by bit identical results.</li>
+ </ul>
+ </section>
+
+
+ <section data-background-color="white">
+ <img class="fragment" src="images/fosdem2014-2.png" width="100%">
+ </section>
+
+ <section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Our mission</h3>
+ <ul>
+ <li>Enable anyone to independently verify that a given source produces bit by bit identical results.</li>
<li class="fragment">Reproducible Builds are an important building block in making supply chains more secure. Nothing more, nothing less.</li>
<li class="fragment">(Un)secure software build reproducibly still remains (un)secure software. However, with reproducible builds you can be sure that you are running the software you want to be running, built from the sources you want to be using.</li>
</ul>
@@ -654,6 +691,11 @@
<li>Edward Snowden / Torbrowser</li>
<li class="fragment">...and a LOT of work by MANY people over 10 years</li>
</section>
+
+ <section data-background-color="white">
+ <img class="fragment" src="images/fosdem2014-6.png" width="100%">
+ </section>
+
<section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h2>2013 and 2014</h2>
<ul>
@@ -735,8 +777,8 @@
<li>https://reproducible-builds.org/docs/</li>
<li>Lunar's talk at CCCamp 2015</li>
<span class="fragment">
+ <li>It's much easier to show common pitfalls making a package unreproducible than the opposite:</li>
<li>https://github.com/bmwiedemann/theunreproduciblepackage</li>
- <li>It's much easier to show common pitfalls making a package unreproducible than the opposite...</li>
</ul>
</span>
</section>
@@ -903,11 +945,9 @@ Warpforge.
<li style="font-size: 300%">2024</li>
<li class="fragment">where?</li>
<li class="fragment">when?</li>
- <span class="fragment">
- <li class="fragment">❤️ location wanted! ❤️ </li>
- <li class="fragment">❤️ sponsors wanted! ❤️ </li>
- <li class="fragment">❤️ you wanted! ❤️ </li>
- </span>
+ <li class="fragment">We need a location for 50 people.</li>
+ <li class="fragment">We need sponsors to cover the costs.</li>
+ <li class="fragment">We need you!</li>
</section>
<section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
@@ -1132,13 +1172,14 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
</section>
<section data-background="images/FOSDEM_logo.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Summary</h3>
+ <h3>Summary, looking forward</h3>
<ul>
<li>Many projects support or aim for reproducible builds today. This is a huge success.</li>
<li class="fragment">Next: finish those last 1-5% upstream.</li>
<li class="fragment">Next: create infrastructure of rebuilders in practice.</li>
<li class="fragment">Next: create infrastructure, processes and tools to securely use those results...</li>
<li class="fragment">Next: project-level consensus and commitment to reproducible builds in practice.</li>
+ <li class="fragment">Next: ... !!!</li>
</ul>
</section>
@@ -1171,7 +1212,34 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
unreproducible packages out of the 1337 most popular
</h3>
<p style="font-size: 100%">
-bind9 bluez ffmpeg gegl gnupg2 graphviz grub2 guile-2.2 ibus icu imagemagick libayatana-appindicator libdmapsharing libjcat libu2f-host libzstd lirc lynx mako nss numpy openh264 p7zip qtbase-opensource-src qtmultimedia-opensource-src qtquickcontrols2-opensource-src qtsensors-opensource-src qtspeech-opensource-src qtsvg-opensource-src qttools-opensource-src qtwebchannel-opensource-src qtx11extras-opensource-src underscore vlc xorg-docs
+
+bind9
+bluez
+ffmpeg
+gegl
+graphviz
+grub2
+guile-3.0
+libdmapsharing
+libjcat
+libu2f-host
+libzstd
+linux
+lynx
+nss
+numpy
+python3.11
+qtdeclarative-opensource-src
+qtquickcontrols2-opensource-src
+qtsensors-opensource-src
+qtspeech-opensource-src
+qtsvg-opensource-src
+qttools-opensource-src
+qtwayland-opensource-src
+qtwebchannel-opensource-src
+underscore
+vlc
+wireplumber
<p>
</section>
@@ -1180,7 +1248,84 @@ bind9 bluez ffmpeg gegl gnupg2 graphviz grub2 guile-2.2 ibus icu imagemagick lib
build-essential-depends unreproducible source packages
</h3>
<p style="font-size: 77%">
-auctex black bluez codenarc cxxtest dask dejagnu doxygen eccodes eckit efl emacs emoslib ffmpeg fish freetds gdb gdcm gmetrics gnupg2 graphviz groovy gtk-sharp2 guile-3.0 h2database hevea ibus icu imagemagick infinipath-psm ipyparallel ldc libadwaita-1 libapache-poi-java libcamera libzstd linux86 lirc lombok lucene4.10 lucene8 lynx mako mono mpich mrmpi nbconvert nbsphinx node-mocha nss numpy nunit odc openh264 openjfx oxygen-icons5 pandas parallel pmix pstoedit pupnp python-graphviz python-jsonschema python-xarray qemu qt6-5compat qt6-declarative qtbase-opensource-src qtconnectivity-opensource-src qtmultimedia-opensource-src qtscript-opensource-src qtsensors-opensource-src qtserialport-opensource-src qtspeech-opensource-src qtsvg-opensource-src qttools-opensource-src qtwebchannel-opensource-src qtwebsockets-opensource-src qtx11extras-opensource-src r-base ruby-pygments.rb scikit-learn scipy scons secilc shaderc sphinx-gallery statsmodels systemtap twisted underscore valgrind vlc xmlstarlet xorg-docs
+black
+bluez
+codenarc
+cxxtest
+dejagnu
+eccodes
+eckit
+efl
+emacs
+emoslib
+ffmpeg
+fish
+fltk1.3
+freetds
+gdb
+ghc
+gmetrics
+graphviz
+groovy
+guile-3.0
+h2database
+hevea
+javaparser
+ldc
+libcamera
+libzstd
+linux
+linux86
+lombok
+lucene4.10
+lucene8
+lynx
+mpich
+mrmpi
+mypy
+nbsphinx
+nss
+numpy
+odc
+oxygen-icons5
+pandas
+parallel
+pmix
+pstoedit
+python3.11
+python3.12
+python-django
+python-jsonschema
+qemu
+qt6-5compat
+qt6-declarative
+qt6-multimedia
+qt6-quick3d
+qt6-remoteobjects
+qtconnectivity-opensource-src
+qtdeclarative-opensource-src
+qtremoteobjects-everywhere-src
+qtsensors-opensource-src
+qtserialport-opensource-src
+qtspeech-opensource-src
+qtsvg-opensource-src
+qttools-opensource-src
+qtwayland-opensource-src
+qtwebchannel-opensource-src
+qtwebsockets-opensource-src
+r-base
+ruby-pygments.rb
+scikit-learn
+scons
+secilc
+sqlalchemy
+statsmodels
+stunnel4
+sympy
+systemtap
+underscore
+valgrind
+vlc
<p>
</section>
=====================================
2024-02-03-R-B-the-first-10-years/todo
=====================================
@@ -1,10 +1,11 @@
-test slides with 1920x1080 once fully in fullscreen mode
-add 2014 talk at beginning
-include more 2014 slides
-forky+1: unreproducible packages are still ok, but only as whitelisted exceptions?
2 big news 2023/2024: testing migration & rebuilder snapshot
+forky+1: unreproducible packages are still ok, but only as whitelisted exceptions?
table trixie forky forky+1 +2
+a very short slide: side-effects: bootstrappable.org / mes / stage0
+Since October 2019, Guix bootstraps by using MesCC—the small C compiler that comes with Mes—to build TinyCC, which is used to build GCC 2.95.0, which then builds GCC 4.7.4. Version 4.7 is the last version of GCC to not require a C++ compiler.
+(quote from bootstrappable.org)
+
snapshot.d.o
archlinux archive.org
ubuntu nice with launchpad
@@ -28,12 +29,5 @@ what is success?
"theoretical?" & for users?
help wanted
-update packages after the end, maybe
mention CoC ?
-mention 2024 summit more?
list sponsors?
-
-open old mails in browser?
-change title: 'the first 10 years and beyond'?
-
-
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/cb0afa823885fcf1b90a4e60dc356108d5e02c01
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/cb0afa823885fcf1b90a4e60dc356108d5e02c01
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240202/dc8a58be/attachment.htm>
More information about the rb-commits
mailing list