[Git][reproducible-builds/reproducible-website][master] 3 commits: 2025-03: Improve bookworm announcement.
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Fri Apr 11 22:00:45 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
1cadb6f9 by Chris Lamb at 2025-04-11T14:57:06-07:00
2025-03: Improve bookworm announcement.
- - - - -
2f6bd21e by Chris Lamb at 2025-04-11T14:57:13-07:00
2025-03: Improve images.
- - - - -
52708fc0 by Chris Lamb at 2025-04-11T15:00:32-07:00
published as https://reproducible-builds.org/reports/2025-03/
- - - - -
3 changed files:
- _reports/2025-03.md
- images/reports/2025-03/fedora.png
- images/reports/2025-03/simplex-chat.png
Changes:
=====================================
_reports/2025-03.md
=====================================
@@ -3,53 +3,43 @@ layout: report
year: "2025"
month: "03"
title: "Reproducible Builds in March 2025"
-draft: true
+draft: false
+date: 2025-04-11 22:00:32
---
[](https://reproducible-builds.org/)
**Welcome to the third report in 2025 from the [Reproducible Builds]({{ "/" | relative_url }}) project.** Our monthly reports outline what we've been up to over the past month, and highlight items of news from elsewhere in the increasingly-important area of software supply-chain security. As usual, however, if you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-<!--
-
**Table of contents:**
-FIXME
-
--->
+0. [Debian bookworm live images now fully reproducible from their binary packages](#debian-bookworm-live-images-now-fully-reproducible-from-their-binary-packages)
+0. ["How NixOS and reproducible builds could have detected the xz backdoor"](#how-nixos-and-reproducible-builds-could-have-detected-the-xz-backdoor)
+0. [LWN: Fedora change aims for 99% package reproducibility](#lwn-fedora-change-aims-for-99-package-reproducibility)
+0. [Python adopts PEP standard for specifying package dependencies](#python-adopts-pep-standard-for-specifying-package-dependencies)
+0. [OSS Rebuild real-time validation and tooling improvements](#oss-rebuild-real-time-validation-and-tooling-improvements)
+0. [SimpleX Chat server components now reproducible](#simplex-chat-server-components-now-reproducible)
+0. [Three new scholarly papers](#three-new-scholarly-papers)
+0. [Distribution roundup](#distribution-roundup)
+0. [An overview of "Supply Chain Attacks on Linux distributions"](#an-overview-of-supply-chain-attacks-on-linux-distributions)
+0. [diffoscope & strip-nondeterminism](#diffoscope--strip-nondeterminism)
+0. [Website updates](#website-updates)
+0. [Reproducibility testing framework](#reproducibility-testing-framework)
+0. [Upstream patches](#upstream-patches)
---
-### Debian bookworm live images now fully reproducible
+### Debian bookworm live images now fully reproducible from their binary packages
[](https://lists.reproducible-builds.org/pipermail/rb-general/2025-March/003675.html)
-On the general [Reproducible Builds mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month, [Roland Clobus announced](https://lists.reproducible-builds.org/pipermail/rb-general/2025-March/003675.html) that all major desktop variants (ie. Gnome, KDE, etc.) build reproducibly with Debian *bullseye*, *bookworm* and *trixie*.
-
-In response, Roland's announcement generated both congratulations as well as some exacting wrestling with the terms employed: a full outline of the replies can be found [here](https://lists.reproducible-builds.org/pipermail/rb-general/2025-March/thread.html#3675).
-
-The news was [also picked up by Linux Weekly News](https://lwn.net/Articles/1015402/) (LWN) as [well as to Hacker News](https://news.ycombinator.com/item?id=43484520).
+[Roland Clobus announced](https://lists.reproducible-builds.org/pipermail/rb-general/2025-March/003675.html) on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month that all the major desktop variants (ie. Gnome, KDE, etc.) can be reproducibly created for Debian *bullseye*, *bookworm* and *trixie* from their (pre-compiled) binary packages.
-<!--
+Building reproducible Debian live images does not require building from reproducible source code, but this is still a remarkable achievement. Some large proportion of the binary packages that comprise these live images can (and were) built reproducibly, but live image generation works at a higher level. (By contrast, "full" or end-to-end reproducibility of a bootable OS image will, in time, require both the compile-the-packages the build-the-bootable-image stages to be reproducible.)
-FIXME
-
-
-> Debian bookworm live images now reproducible from binary packages
->
-> On the general Reproducible Builds mailing list this month, Roland
-> Clobus announced that all major desktop variants (ie. Gnome, KDE,
-> etc.) build pre-compiled Debian binary packages reproducibly into
-> bootable images with Debian bullseye, bookworm and trixie.
->
-> (Some large fraction of those binary packages are built reproducibly,
-> but that was not the topic of the announcement. To get full
-> reproducibility of a bootable OS image, both the compile-the-packages
-> stage and the build-the-bootable-image stage need reproducibility.)
->
-
--->
+Nevertheless, in response, Roland's announcement generated significant congratulations as well as some discussion regarding the finer points of the terms employed: a full outline of the replies can be found [here](https://lists.reproducible-builds.org/pipermail/rb-general/2025-March/thread.html#3675).
+The news was [also picked up by Linux Weekly News](https://lwn.net/Articles/1015402/) (LWN) as [well as to Hacker News](https://news.ycombinator.com/item?id=43484520).
<br>
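Review bot: The added paragraph starting "Building reproducible Debian live images does not require..." drops a conjunction in its closing parenthetical: "require both the compile-the-packages the build-the-bootable-image stages" needs "and" between the two stage names, otherwise the distinction the paragraph is drawing between package builds and image builds is hard to parse. In the same paragraph, "can (and were) built reproducibly" should read "can be (and were) built reproducibly". The re-added sentence "as [well as to Hacker News]" still carries the stray "to" from the removed version; "as well as by Hacker News" would read correctly and keep the link text tidy.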
=====================================
images/reports/2025-03/fedora.png
=====================================
Binary files a/images/reports/2025-03/fedora.png and b/images/reports/2025-03/fedora.png differ
=====================================
images/reports/2025-03/simplex-chat.png
=====================================
Binary files a/images/reports/2025-03/simplex-chat.png and b/images/reports/2025-03/simplex-chat.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/edd8aae633364d9226663d7bf8ed747688f5dfbb...52708fc0b3434d0a5026144bf9553bd022b05dcf