[Git][reproducible-builds/reproducible-presentations][nevermind-the-checkboxes] 8 commits: nevermind the checkboxes: expand upon openchain's checkboxes.
Vagrant Cascadian (@vagrant)
gitlab at salsa.debian.org
Wed Jul 30 02:20:51 UTC 2025
Vagrant Cascadian pushed to branch nevermind-the-checkboxes at Reproducible Builds / reproducible-presentations
Commits:
4ba3328b by Vagrant Cascadian at 2025-07-29T15:27:30-07:00
nevermind the checkboxes: expand upon openchain's checkboxes.
- - - - -
b6aaff52 by Vagrant Cascadian at 2025-07-29T15:31:35-07:00
nevermind the checkboxes: punks and authority.
- - - - -
3efcc0c6 by Vagrant Cascadian at 2025-07-29T15:34:01-07:00
nevermind the checkboxes: Condense punk values.
- - - - -
d7e99c12 by Vagrant Cascadian at 2025-07-29T15:37:03-07:00
nevermind the checkboxes: be honest about the relationship to authority.
- - - - -
93eec9fa by Vagrant Cascadian at 2025-07-29T15:39:38-07:00
nevermind the checkboxes: drop virtual supply chain slide, redundant with two-parter.
- - - - -
778b8388 by Vagrant Cascadian at 2025-07-29T16:00:32-07:00
nevermind the checkboxes: ask more questions.
- - - - -
8d77c24f by Vagrant Cascadian at 2025-07-29T16:01:07-07:00
nevermind the checkboxes: side-by-side free software relationship.
- - - - -
6279c09c by Vagrant Cascadian at 2025-07-29T19:18:19-07:00
nevermind the checkboxes: whitespace fix.
- - - - -
1 changed file:
- 2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org
Changes:
=====================================
2025-08-02-fossy-nevermind-the-checkboxes/Nevermind-the-Checkboxes-heres-Reproducible-Builds.org
=====================================
@@ -88,33 +88,20 @@ FIXME We do reproducible builds. Maybe punks, Maybe not.
* What the punk
-Autonomy
+A selection of Punk values
-
-* What the punk
-
-Independence
-
-
-* What the punk
-
-Mutual Aid
-
-
-* What the punk
-
-Community
-
-
-* What the punk
-
-DIY
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Autonomy
+- Independence
+- Mutual Aid
+- Community
+- DIY
+- Blatant Disregard for Authority
* Physical Supply chains
-Objects moving through space, from location to location
-
** img
:PROPERTIES:
:BEAMER_col: 0.7
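Review bot: the hunk header context still carries "FIXME We do reproducible builds. Maybe punks, Maybe not." at the top of this slide sequence, so the FIXME marker survives this rewrite of the punk-values slides; since the deck is dated 2025-08-02 (directory name), resolve or drop that line before the talk. One smaller point in the same hunk: the "* Physical Supply chains" slide loses its only body line ("Objects moving through space, from location to location") and now goes straight into the "** img" column, while the new "A selection of Punk values" list keeps the "- ..." placeholder item as its first overlay; if that descriptive line was meant to move into a column rather than disappear, it is not added anywhere in this hunk.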
@@ -131,16 +118,6 @@ A software supply chain is the components, libraries, tools, and
processes used to develop, build, and publish a software artifact.
-* Virtually Supplied Chains?
-
-Electrons moving across wires
-
-#+ATTR_BEAMER: :overlay <+->
-- ...
-- near instantaneous delivery
-- trivially duplicated
-
-
* Straining the Supply Chain Anology
** text
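Review bot: the unchanged context heading "* Straining the Supply Chain Anology" has a typo ("Anology" should be "Analogy"); it is not part of this change, but since the adjacent "Virtually Supplied Chains?" slide is being removed here, a follow-up commit fixing the heading would be cheap.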
@@ -198,7 +175,33 @@ https://en.wikipedia.org/wiki/ISO_9000_family
https://openchainproject.org/checklist-iso-dis-18974
-So. Many. Checkboxes.
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Voluntary self assessment
+- We have security policies
+- We have people
+- Who know about the policies
+- We document and review policies
+- We document and review implementation of policies
+- Security stuff ... (more later)
+- We keep track of our software
+- We archive our software
+- Document all of the above
+- Review all of the above
+
+
+* OpenChain: The Security Stuff
+
+https://openchainproject.org/checklist-iso-dis-18974
+
+Security Stuff
+
+#+ATTR_BEAMER: :overlay <+->
+- Identify threats
+- Vulnerability Detection
+- Vulnerability follow-up
+- Vulnerability communication
+- We test released software
* Executively Ordered
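Review bot: the "OpenChain: The Security Stuff" overlay list is the only one in this hunk without the leading "- ..." placeholder item, so its first bullet "Identify threats" will be visible as soon as the slide appears instead of after the first advance like the checklist slide above it; add the "- ..." item or drop it from both for consistency. Also "Voluntary self assessment" should be hyphenated ("self-assessment"), and the body line "Security Stuff" duplicates the slide title and could go.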
@@ -208,6 +211,35 @@ https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/
whitehouse executive order firmly establishing concepts like SBOM
+* Real problems
+
+do they solve actual problems?
+
+
+* Quality
+
+Does it improve the quality of software?
+
+
+* SBOM
+
+Do Software Bill of Materials (SBOMs) actually give you the
+information necessary to verify how a given software artifact was
+built?
+
+
+* Goals
+
+What is the goal of all these compliance checklists anyways... or more
+importantly, what should the goals be?
+
+
+* Signatures
+
+If a software object is signed, who should be trusted to sign it, and
+can they be trusted ... forever?
+
+
* The Materiality of Software
SBOM
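Review bot: the new question slides are inconsistent in form: "do they solve actual problems?" starts lowercase while the others ("Does it improve the quality of software?", "Do Software Bill of Materials (SBOMs) actually give you...") are full sentences; capitalize it. In the SBOM slide the plural should be "Software Bills of Materials (SBOMs)" to match the abbreviation.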
@@ -217,6 +249,7 @@ SBOM
- list of software dependencies
- may be obfuscated!!!
+
* Reproducible Builds Defined
** text
:PROPERTIES:
@@ -258,6 +291,30 @@ identical copies of all specified artifacts.
Requirements for Reproducible Builds and Free and Open Source Software
overlap!
+** text
+ :PROPERTIES:
+ :BEAMER_col: 0.4
+ :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- Source Code
+- Software used during build (build environment)
+- Instructions on how to perform the build
+- Any party (e.g. any third party)
+
+
+** text
+ :PROPERTIES:
+ :BEAMER_col: 0.4
+ :END:
+
+#+ATTR_BEAMER: :overlay <+->
+- Use
+- Share
+- Study (Source)
+- Change (Source)
+
+
* Reproducible Builds
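Review bot: the two new 0.4-width columns each use ":overlay <+->", but in Beamer the "+" overlay increments the frame-wide pause counter, so the second column's items ("Use", "Share", "Study (Source)", "Change (Source)") will only start appearing after all four items in the first column have been revealed, not side by side with them. If the point of the "side-by-side" commit is to show each reproducible-builds requirement next to the freedom it overlaps with, give both lists explicit overlay specs (e.g. "<2->", "<3->", ...) or put both lists in one itemize, so matching rows appear together.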
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/3a17e04ba5097865698aa6cf9799d56c4a0d2186...6279c09cb102be2958d8cd6d4876e8d5e00b73a7