[Git][reproducible-builds/reproducible-website][master] Update summary of 4th CHAINS workshop

Mon May 12 17:23:17 UTC 2025


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
70bcacf2 by Aman Sharma at 2025-05-12T17:14:34+00:00
Update summary of 4th CHAINS workshop

- - - - -


1 changed file:

- _reports/2025-04.md


Changes:

=====================================
_reports/2025-04.md
=====================================
@@ -52,15 +52,17 @@ He concludes as follows:
 
 Convened as part of the [CHAINS](https://chains.proj.kth.se/) research project at the [KTH Royal Institute of Technology](https://www.kth.se/en) in Stockholm, Sweden, the [*4th CHAINS Software Supply Chain Workshop*](https://chains.proj.kth.se/software-supply-chain-workshop-4.html) occurred during April. During the workshop, there were a number of relevant workshops, including:
 
-* [Reproducible builds for Java](https://github.com/jvm-repo-rebuild/reproducible-central)
+* [Signature, Attestations, and Reproducible Builds](https://chains.proj.kth.se/workshop_4_assets/slides/Signature_Attestations_Reproducible%20Builds.pdf)
 * [Does Functional Package Management Enable Reproducible Builds at Scale?](https://hal.science/hal-04913007)
-* [Causes and Mitigations of Unreproducible Builds in Java](https://algomaster99.github.io/talks/4th-chains-workshop/slides.pdf)
+* [Causes and Mitigations of Unreproducible Builds in Java](https://algomaster99.github.io/talks/4th-chains-workshop/slides.pdf) [\[paper\]](https://arxiv.org/abs/2504.21679)
 * [Fixing Breaking Dependency Updates Using LLMs](https://kth.diva-portal.org/smash/get/diva2:1905601/FULLTEXT01.pdf)
 * [The caveats of vulnerability analysis](https://chains.proj.kth.se/workshop_4_assets/slides/20250425_Henrik_PLATE_Keynote_CHAINS_Workshop.pdf)
 * [`maven-lockfile`](https://github.com/chains-project/maven-lockfile/) (Lockfiles for Java and Maven)
 * [`observer`](https://github.com/sbom-observer/observer-cli) (Generating SBOMs for C/C++)
 * [`dirty-waters`](https://github.com/chains-project/dirty-waters) (Transparency checks for software supply chains)
-* Finally, a [supply chain competition](https://chains.proj.kth.se/chains-repo-checklist.html). Martin Schwaighofer, the winner, [created a recap video](https://youtu.be/lqH2lVe8Isc) (20m43s).
+* A [supply chain competition](https://chains.proj.kth.se/chains-repo-checklist.html). Martin Schwaighofer, the winner, [created a recap video](https://youtu.be/lqH2lVe8Isc) (20m43s).
+* Finally, [8 posters](https://chains.proj.kth.se/software-supply-chain-workshop-4.html#poster-session) on dependency introspection, diverse double compilation, dependency management, VEX, and SBOM.
+
 
 
 The [full listing of the agenda](https://chains.proj.kth.se/software-supply-chain-workshop-4.html) is available on the workshop's website.



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/70bcacf252e92db5e7111474285841966bda1c6a

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/70bcacf252e92db5e7111474285841966bda1c6a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20250512/6a24b0ef/attachment.htm>
