[Git][reproducible-builds/reproducible-presentations][nevermind-the-checkboxes] 6 commits: nevermind the checkboxes: white houses.
Vagrant Cascadian (@vagrant)
gitlab at salsa.debian.org
Fri Aug 1 23:03:58 UTC 2025
Vagrant Cascadian pushed to branch nevermind-the-checkboxes at Reproducible Builds / reproducible-presentations
Commits:
b933fd88 by Vagrant Cascadian at 2025-08-01T15:06:15-07:00
nevermind the checkboxes: white houses.
- - - - -
d74614ef by Vagrant Cascadian at 2025-08-01T15:43:28-07:00
nevermind the checkboxes: flesh out iso9000, whitehouse order, and give
scope and years for CRA.
- - - - -
540953e9 by Vagrant Cascadian at 2025-08-01T15:45:10-07:00
nevermind the checkboxes: move openchain after the white house.
- - - - -
473dd1ed by Vagrant Cascadian at 2025-08-01T15:57:30-07:00
nevermind the checkboxes, drop redundant sbom slide and merge into another.
- - - - -
63bc1053 by Vagrant Cascadian at 2025-08-01T16:02:14-07:00
nevermind the checkboxes: fixed last fixme.
- - - - -
b670869a by Vagrant Cascadian at 2025-08-01T16:02:48-07:00
nevermind the checkboxes: Move the boms earlier, so we can talk about them later
- - - - -
1 changed file:
- 2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org
Changes:
=====================================
2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org
=====================================
@@ -81,7 +81,7 @@ Reproducible Builds and FOSS.
:BEAMER_col: 0.3
:END:
-FIXME We do reproducible builds. Maybe punks, Maybe not.
+A small part of the Reproducible Builds Community
* What the punk
@@ -132,11 +132,39 @@ Software is nearly infinitely and instantaneously duplicated and transmitted
Hardware gets moved around slowly, requires many steps to duplicate
+* Billy O Material
+
+https://en.wikipedia.org/wiki/Bill_of_materials
+
+A Bill of Materials (BOM) ... is a list of the raw materials,
+sub-assemblies, intermediate assemblies, sub-components, parts, and
+the quantities of each needed to manufacture an end product.
+
+
+* Software Bill Of imMaterials
+
+https://en.wikipedia.org/wiki/Software_supply_chain
+
+A Software Bill of Materials (SBOM) declares the inventory of
+components used to build a software artifact, including any open
+source and proprietary software components. It is the software
+analogue to the traditional manufacturing BOM, which is used as part
+of supply chain management.
+
* ISO9000
https://en.wikipedia.org/wiki/ISO_9000_family
+goal of these standards is to help organizations ensure that they meet
+customer and other stakeholder needs within the statutory and
+regulatory requirements related to a product or service.
+
+#+ATTR_BEAMER: :overlay <+->
+- 1987
+- International
+- third-party certification
+
* Cyber Resilience Act
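Review bot: the ISO9000 quote starts mid-sentence ("goal of these standards is to help organizations ...") with no marker that text was cut, unlike the BOM slide, which writes "A Bill of Materials (BOM) ... is a list" to show the elision. Either quote the whole sentence or mark the cut the same way ("... goal of these standards ...") so the audience can tell it is lifted from the linked article rather than the speaker's own wording. Same for the "Software Bill Of imMaterials" slide: the link goes to the Software_supply_chain article, so it is worth saying on the slide that the SBOM definition is quoted from there.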
@@ -144,11 +172,29 @@ https://en.wikipedia.org/wiki/Cyber_Resilience_Act
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847
#+ATTR_BEAMER: :overlay <+->
-- ...
+- 2024
+- Europe
- Voluntary self assessment
- Open Source Stewards
+* Executively Ordered
+
+https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
+
+Whitehouse Executive Order 14028
+
+Improving the Nation's Cybersecurity
+
+#+ATTR_BEAMER: :overlay <+->
+- 2021
+- United States of America
+- SolarWinds and other big incidents
+- Not yet rescinded
+- SBOMs!
+- autogenerated SBOMs
+
+
* OpenChain
https://openchainproject.org/checklist-iso-dis-18974
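Review bot: "Whitehouse Executive Order 14028" should read "White House Executive Order 14028"; the URL host runs the words together, but the institution is two words. The bullet "- autogenerated SBOMs" has no source on the slide: the only reference is the executive order link, so either cite where the automation requirement comes from or drop the bullet, otherwise it reads as if the order itself says "autogenerated". On the CRA slide, "- Europe" is vague for a regulation cited from eur-lex; "- European Union" is the actual scope.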
@@ -182,13 +228,6 @@ Security Stuff
- We test released software
-* Executively Ordered
-
-https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
-
-whitehouse executive order firmly establishing concepts like SBOM
-
-
* Real problems
do they solve actual problems?
@@ -205,6 +244,12 @@ Do Software Bill of Materials (SBOMs) actually give you the
information necessary to verify how a given software artifact was
built?
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- list of software dependencies
+- may be obfuscated!!!
+- may not even be publicly available
+
* Goals
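Review bot: the new bullets answer a different question from the one the slide asks. The text above asks whether an SBOM gives the information needed to verify how an artifact was built; the bullets list properties of the dependency list (obfuscated, not publicly available) but never state the gap itself, which is that an SBOM is, per the definition quoted earlier in this change, an "inventory of components", not a record of the build inputs, toolchain and environment that turned those components into the artifact. Add a bullet saying that, since it is the bridge to the Reproducible Builds slides that follow. Also, the leading "- ..." overlay item was replaced with concrete items on the CRA slide in this same change but kept here; keep it only if the blank first overlay step is deliberate.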
@@ -218,37 +263,6 @@ If a software object is signed, who should be trusted to sign it, and
can they be trusted ... forever?
-* Billy O Material
-
-https://en.wikipedia.org/wiki/Bill_of_materials
-
-A Bill of Materials (BOM) ... is a list of the raw materials,
-sub-assemblies, intermediate assemblies, sub-components, parts, and
-the quantities of each needed to manufacture an end product.
-
-
-* Software Bill Of imMaterials
-
-https://en.wikipedia.org/wiki/Software_supply_chain
-
-A Software Bill of Materials (SBOM) declares the inventory of
-components used to build a software artifact, including any open
-source and proprietary software components. It is the software
-analogue to the traditional manufacturing BOM, which is used as part
-of supply chain management.
-
-
-* The Materiality of Software
-
-SBOM
-
-#+ATTR_BEAMER: :overlay <+->
-- ...
-- list of software dependencies
-- may be obfuscated!!!
-- may not even be publicly available
-
-
* Reproducible Builds Defined
** text
:PROPERTIES:
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/753a3638e9c43be3d21a3e8429664a46df053503...b670869a1a82b24144bb9cfa029c483d058ca30a