[Git][reproducible-builds/reproducible-website][master] 2025-10: Initial draft
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Mon Nov 3 22:18:32 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
dadb9231 by Chris Lamb at 2025-11-03T14:17:43-08:00
2025-10: Initial draft
- - - - -
18 changed files:
- _reports/2025-10.md
- + images/reports/2025-10/2508.01530.png
- + images/reports/2025-10/2510.02251.png
- + images/reports/2025-10/Fu3laL5VYdM.jpg
- + images/reports/2025-10/Kofler.png
- + images/reports/2025-10/aaltodoc.aalto.png
- + images/reports/2025-10/debian.png
- + images/reports/2025-10/fedora.png
- + images/reports/2025-10/freebsd.png
- + images/reports/2025-10/golang.png
- + images/reports/2025-10/guix.png
- + images/reports/2025-10/hal-05326226.png
- + images/reports/2025-10/reproducible-builds.png
- + images/reports/2025-10/signal.png
- + images/reports/2025-10/summit.jpg
- + images/reports/2025-10/testframework.png
- + images/reports/2025-10/transparencydevsummit.png
- + images/reports/2025-10/website.png
Changes:
=====================================
_reports/2025-10.md
=====================================
@@ -6,34 +6,204 @@ title: "Reproducible Builds in October 2025"
draft: true
---
-* [FIXME](https://arxiv.org/pdf/2510.02251)
+**Welcome to the October 2025 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
+{: .lead}
-* FIXME: Signal reports Google Play Store breaks reproducible builds: https://github.com/signalapp/Signal-Android/issues/13565#issuecomment-3422952423
+[![]({{ "/images/reports/2025-09/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
+
+**Welcome to the very latest report from the [Reproducible Builds]({{ "/" | relative_url }}) project.** Our monthly reports outline what we've been up to over the past month, and highlight items of news from elsewhere in the increasingly-important area of software supply-chain security. As ever, if you are interested in contributing to the Reproducible Builds project, please see the [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
+
+<!--
+
+**In this report:**
+
+0. This section automatically populated prior to release.
+
+-->
+
+---
+
+### Farewell from the Reproducible Builds Summit 2025...
+
+[![]({{ "/images/reports/2025-09/summit.jpg#right" | relative_url }})]({{ "/events/vienna2025/" | relative_url }})
+
+Thank you to everyone who joined us at the [Reproducible Builds Summit]({{ "/events/vienna2025/" | relative_url }}) in Vienna, Austria!
+
+We were thrilled to host the eighth edition of this exciting event, following the success of previous summits in various iconic locations around the world, including Venice, Marrakesh, Paris, Berlin, Hamburg and Athens. During this event, participants had the opportunity to engage in discussions, establish connections and exchange ideas to drive progress in this vital field. Our aim was to create an inclusive space that fosters collaboration, innovation and problem-solving.
+
+<br>
+
+### Google's Play Store breaks reproducible builds for Signal
+
+[](https://signal.org/)
+
+On the issue tracker for the popular [Signal](https://signal.org/) messenger app, developer Greyson Parrelli reports that updates to the Google Play store have, in effect, broken reproducible builds:
+
+> The most recent issues have to do with changes to the APKs that are made by the Play Store. Specifically, they add some attributes to some `.xml` files around languages are resources, which is not unexpected because of how the whole bundle system works. This is trickier to resolve, because unlike current "expected differences" (like signing information), we can't just exclude a whole file from the comparison. We have to take a more nuanced look at the diff. I've been hesitant to do that because it'll complicate our currently-very-readable comparison script, but I don't think there's any other reasonable option here.
+
+The [full thread with additional context](https://github.com/signalapp/Signal-Android/issues/13565) is available on GitHub.
+
+<br>
+
+### Mailing list updates
+
+On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month:
+
+* *kpcyrd* forwarded a fascinating tidbit regarding so-called [ninja and samurai build ordering](https://lists.reproducible-builds.org/pipermail/rb-general/2025-October/003903.html), that uses data structures in which the pointer values returned from `malloc` are used to determine some order of execution.
+
+* Arnout Engelen, Justin Cappos, Ludovic Courtès and *kpcyrd* continued a conversation started in September regarding the "Minimum Elements for a Software Bill of Materials". ([Full thread](https://lists.reproducible-builds.org/pipermail/rb-general/2025-October/thread.html#3893))
+
+* Felix Moessbauer of [Siemens](https://www.siemens.com/) posted to the list reporting that he had recently "stumbled upon a couple of Debian *source* packages on the snapshot mirrors that are listed multiple times (same name and version), but each time with a different checksum". The thread, which Felix titled, [*Debian: what precisely identifies a source package*](https://lists.reproducible-builds.org/pipermail/rb-general/2025-October/003908.html) is about precisely that — what can be axiomatically relied upon by consumers of the Debian archives, as well as indicating an issue where "we can't exactly say which packages were used during build time (even when having the `.buildinfo` files).
+
+* Luca DiMaio posted to the list announcing the release of [`xfsprogs`](https://www.kernel.org/pub/linux/utils/fs/xfs/xfsprogs/) 6.17.0 which specifically includes a [commit](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/commit/?id=8a4ea72724930cfe262ccda03028264e1a81b145) that "implements the functionality to populate a newly created XFS filesystem directly from an existing directory structure" which "makes it easier to create populated filesystems
+without having to mount them [and thus is] particularly useful for reproducible builds". Luca asked the list how they might contribute to the docs of the [*System images*]({{ "/docs/system-images/" | relative_url }}) page.
+
+<br>
+
+### *The Original Sin of Computing...that no one can fix*
+
+[](https://www.youtube.com/watch?v=Fu3laL5VYdM)
+
+Popular YouTuber [@laurewired](https://www.youtube.com/@lauriewired) published a video this month with an engaging take on the [*Trusting Trust*](https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf) problem. Titled [*The Original Sin of Computing...that no one can fix*](https://www.youtube.com/watch?v=Fu3laL5VYdM), the video touches on [David A. Wheeler's Diverse Double-Compiling](https://dwheeler.com/trusting-trust/) thesis.
+
+GNU developer Janneke Nieuwenhuizen followed-up with an email (additionally sent to [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/)) as well, underscoring that [GNU Mes](https://www.gnu.org/software/mes/)'s "current solution [to this issue] uses ancient softwares in its bootstrap path, such as gcc-2.95.3 and glibc-2.2.5". ([According to Colby Russell](https://lists.reproducible-builds.org/pipermail/rb-general/2025-October/003905.html), the GNU Mes bootstrapping sequence is shown at 18m54s in the video.)
+
+<br>
+
+### Reproducible Builds at Transparency.dev
+
+[](https://transparency.dev/summit2025/)
+
+Holger Levsen gave a talk at this year's [Transparency.dev](https://transparency.dev/summit2025/) summit in Gothenburg, Sweden, outlining the achievements of the Reproducible Builds project in the last 12 years, covering both upstream developments as well as some distribution-specific details. As mentioned [on the talk's page](https://transparency.dev/summit2025/talks/reproducible-builds.html), Holger's presentation "will conclude with an outlook into the future and an invitation to collaborate to bring transparency logs into Reproducible Builds projects".
+
+The [slides](https://reproducible-builds.org/_lfs/presentations/2025-10-21-Reproducible-Builds-brief-summary-of-12-years-and-a-glimpse-into-the-future) of the talk are available, although a video has yet to be released. Nevertheless, as a result of the discussions at Transparency.dev there is a [new page on the Debian wiki](https://wiki.debian.org/ReproducibleBuilds/PackageTransparency) with the aim of describing a potential transparency log setup for [Debian](https://debian.org/).
+
+<br>
+
+### Supply Chain Security for Go
+
+[](https://go.dev/)
+
+Andrew Ayer has setup a new service at [*sourcespotter.com*](https://sourcespotter.com/) that aims to monitor the supply chain security for Go releases. It consists of four separate trackers:
+
+1. A tool to verify that the Go Module Mirror and Checksum Database is behaving honestly and has not presented inconsistent information to clients.
+2. A module monitor that records every module version served by the Go Module Mirror and Checksum Database, allowing you to monitor for unexpected versions of your modules.
+3. A tool to verifies that the Go toolchains published in the Go Module Mirror can be reproduced from source code, making it difficult to hide backdoors in the binaries downloaded by the `go` command.
+4. A telemetry config tracker that tracks the names of telemetry counters uploaded by the Go toolchain, to ensure that Go telemetry is not violating users' privacy.
+
+As [the homepage of the service](https://sourcespotter.com/) mentions, the trackers are free software and do not rely on Google infrastructure.
+
+<br>
+
+### Three new academic papers published
+
+[![]({{ "/images/reports/2025-10/hal-05326226.png#right" | relative_url }})](https://hal.science/hal-05326226)
+
+Julien Malka of the [Institut Polytechnique de Paris](https://www.ip-paris.fr/) published an exciting paper this month on [*How NixOS could have detected the XZ
+supply-chain attack for the benefit of all thanks to reproducible-builds*](https://hal.science/hal-05326226). Julien outlines his paper as follows:
+
+> In March 2024, a [sophisticated backdoor was discovered in xz](https://en.wikipedia.org/wiki/XZ_Utils_backdoor), a core compression library in Linux distributions, covertly inserted over three years by a malicious maintainer, Jia Tan. The attack, which enabled remote code execution via ssh, was only uncovered by chance when Andres Freund investigated a minor performance issue. This incident highlights the vulnerability of the open-source supply chain and the effort attackers are willing to invest in gaining trust and access. In this article, I analyze the backdoor’s mechanics and explore how bitwise build reproducibility could have helped detect it.
+
+A [PDF](https://hal.science/hal-05326226/document) of the paper is available online.
+
+<br>
+
+[![]({{ "/images/reports/2025-10/2510.02251.png#right" | relative_url }})](https://arxiv.org/abs/2510.02251)
+
+Iyán Méndez Veiga1 and Esther Hänggi (of the [Lucerne University of Applied Sciences and Arts](https://www.hslu.ch/en/) and [Institute for Theoretical Physics](https://itp.phys.ethz.ch/) respectfully) published a paper this month on the topic of [*Reproducible Builds for Quantum Computing*](https://arxiv.org/abs/2510.02251). The abstract of their paper mentions the following:
+
+> Although quantum computing is a rapidly evolving field of research, it can already benefit from adopting reproducible builds. This paper aims to bridge the gap between the quantum computing and reproducible builds communities. **We propose a generalization of the definition of reproducible builds in the quantum setting, motivated by two threat models: one targeting the confidentiality of end users’ data during circuit preparation and submission to a quantum computer, and another compromising the integrity of quantum computation results.** This work presents three examples that show how classical information can be hidden in transpiled quantum circuits, and two cases illustrating how even minimal modifications to these circuits can lead to incorrect quantum computation results.
+
+A [full PDF](https://arxiv.org/pdf/2510.02251) of their paper is available.
+
+<br>
+
+[![]({{ "/images/reports/2025-10/Kofler.png#right" | relative_url }})](https://epub.jku.at/obvulihs/content/titleinfo/12692481/full.pdf)
+
+Congratulations to Georg Kofler who submitted their Master's thesis for the [Johannes Kepler University](https://www.jku.at/en) of Linz, Austria on the topic of [*Reproducible builds of E2EE-messengers for Android using Nix hermetic builds*]:
+
+> The thesis focuses on providing a reproducible build process for two open-source E2EE messaging applications: Signal and Wire. The motivation to ensure reproducibility—and thereby the integrity—of E2EE messaging applications stems from their central role as essential tools for modern digital privacy. These applications provide confidentiality for private and sensitive communications, and their compromise could undermine encryption mechanisms, potentially leaking sensitive data to third parties.
+
+A [full PDF](https://epub.jku.at/obvulihs/content/titleinfo/12692481/full.pdf) of their thesis is available online.
+
+<br>
+
+[![]({{ "/images/reports/2025-10/aaltodoc.aalto.png#right" | relative_url }})](https://aaltodoc.aalto.fi/server/api/core/bitstreams/ba5d8e7a-dcde-427f-a056-02e19b51ce1b/content)
+
+Shawkot Hossain of [Aalto University](https://www.aalto.fi/en), Finland has also submitted their Master's thesis on the [*The Role of SBOM in Modern Development*](https://aaltodoc.aalto.fi/server/api/core/bitstreams/ba5d8e7a-dcde-427f-a056-02e19b51ce1b/content) with a focus on the extant tooling:
+
+> Currently, there are numerous solutions and techniques available in the market to tackle supply chain security, and all claim to be the best solution. This thesis delves deeper by implementing those solutions and evaluates them for better understanding. Some of the tools that this thesis implemented are [Syft](https://github.com/anchore/syft), [Trivy](https://trivy.dev/latest/), Grype, FOSSA, dependency-check, and Gemnasium. Software dependencies are generated in a Software Bill of Materials (SBOM) format by using these open-source tools, and the corresponding results have been analyzed. Among these tools, Syft and Trivy outperform others as they provide relevant and accurate information on software dependencies.
+
+A [PDF](https://aaltodoc.aalto.fi/server/api/core/bitstreams/ba5d8e7a-dcde-427f-a056-02e19b51ce1b/content) of the thesis is also available.
+
+<br>
+
+### Distribution work
+
+[![]({{ "/images/reports/2025-10/freebsd.png#right" | relative_url }})](https://www.freebsd.org/)
+
+Michael Plura published an interesting article on [Heise.de](https://heise.de) on the topic of [*Trust is good, reproducibility is better*](https://www.heise.de/en/news/FreeBSD-shortly-before-15-0-Trust-is-good-reproducibility-is-better-10965171.html):
+
+> In the wake of growing supply chain attacks, the FreeBSD developers are relying on a [transparent build concept in the form of Zero-Trust Builds](https://freebsdfoundation.org/blog/zero-trust-builds-for-freebsd/). The approach builds on the established Reproducible Builds, where binary files can be rebuilt bit-for-bit from the published source code. **While reproducible builds primarily ensure verifiability, the zero-trust model goes a step further and removes trust from the build process itself. No single server, maintainer, or compiler can be considered more than potentially trustworthy.**
+
+[The article](https://www.heise.de/en/news/FreeBSD-shortly-before-15-0-Trust-is-good-reproducibility-is-better-10965171.html) mentions that this "goal has now been achieved with a slight delay and can be used in the current development branch for FreeBSD 15".
+
+<br>
+
+[![]({{ "/images/reports/2025-10/debian.png#right" | relative_url }})](https://debian.org/)
+
+In **Debian** this month, 7 reviews of Debian packages were added, 5 were updated and 11 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+<br>
### Upstream patches
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
+
+* Chris Lamb:
+
+ * [#1117494](https://bugs.debian.org/1117494) filed against [`python-can`](https://tracker.debian.org/pkg/python-can).
+ * [#1117614](https://bugs.debian.org/1117614) filed against [`rsbackup`](https://tracker.debian.org/pkg/rsbackup).
+ * [#1117742](https://bugs.debian.org/1117742) filed against [`mobilitydb`](https://tracker.debian.org/pkg/mobilitydb).
+ * [#1118160](https://bugs.debian.org/1118160) filed against [`pyraf`](https://tracker.debian.org/pkg/pyraf).
+ * [#1118596](https://bugs.debian.org/1118596) filed against [`ne`](https://tracker.debian.org/pkg/ne).
+
* Robin Candau:
* [`treetop`](https://github.com/cjheath/treetop/pull/60)
-* [FIXME](https://epub.jku.at/obvulihs/content/titleinfo/12692481/full.pdf)
+<br>
+
+### Website updates
+
+[![]({{ "/images/reports/2025-10/website.png#right" | relative_url }})]({{ "/" | relative_url }})
+
+Once again, there were a number of improvements made to our website this month including:
+
+* Arnout Engelen added a note on using `git archive` to the [*Archive metadata*]({{ "/docs/archives/" | relative_url }}) page. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6e4ced17)]
+
+* James Addison updated the [user stories that feature on the homepage]({{ "/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/43d6bca6)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/86c0972d)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6f46cf61)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/994bdbf8)] as well as a new [*Reproducibility Troubleshooting*]({{ "/docs/reproducibility-troubleshooting/" | relative_url }}) that functions as an excellent 'getting started' guide [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f1c538ab)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/28e4a9c3)].
+
+* Zbigniew Jędrzejewski-Szmek added a link on the [*Tools*]({{ "/tools/" | relative_url }}) page for [*add-determinism*](https://github.com/keszybz/add-determinism) and *linkdupes* [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b2c663f4)] as well as added a link to [Fedora's reproducibility efforts](https://docs.fedoraproject.org/en-US/reproducible-builds/) to the [*Contribute*]({{ "/contribute/" | relative_url }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/21f1813d)].
+
+In addition, a number of contributors added a series of notes from our [recent summit]({{ "/events/vienna2025/" | relative_url }}) to the website, including Alexander Couzens [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f82c1295)], Robin Candau [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/016ae3f2)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4886ee08)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7b7cd546)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b95f8c71)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/144b7cb5)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f9d459ef)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/49df551c)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0d55af9b)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/553702a3)] and *kpcyrd* [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b422164f)].
-* [FIXME](https://www.youtube.com/watch?v=Fu3laL5VYdM)
+<br>
-* FIXME: ["Reproducible Builds, a very brief summary of the last 12 years and a glimpse into the future" presented by Holger Levsen at Transparency.dev Summit 2025 in Gothenburg, Sweden on 2025-10-21](https://transparency.dev/summit2025/talks/reproducible-builds.html)
- * video: to be released / linked
- * [slides](https://reproducible-builds.org/_lfs/presentations/2025-10-21-Reproducible-Builds-brief-summary-of-12-years-and-a-glimpse-into-the-future)
-* FIXME: as a result of the discussions at this summit there is https://wiki.debian.org/ReproducibleBuilds/PackageTransparency now with the aim of describing a transparency log setup for Debian.
+### Tool development
-* FIXME: Andrew Ayer setup https://sourcespotter.com/ to monitor the supply chain security for Go releases.
+**diffoscope** version `307` was [uploaded to Debian unstable](https://tracker.debian.org/news/1685059/accepted-diffoscope-307-source-into-unstable/) by Chris Lamb, who made a number of changes including fixing compatibility with [LLVM version 21](https://releases.llvm.org/21.1.0/docs/ReleaseNotes.html) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/98886f43)], an attempt to automatically attempt to deploy to [PyPI](https://pypi.org/) by liaising with the PyPI developers/maintainers (with this experimental feature). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f74b61ff)]
+ * Update copyright years. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4a145f43)]
-* [FIXME](https://aaltodoc.aalto.fi/server/api/core/bitstreams/ba5d8e7a-dcde-427f-a056-02e19b51ce1b/content)
+**reprotest** version `0.7.31` was [uploaded to Debian unstable](https://tracker.debian.org/news/1685661/accepted-reprotest-0732-source-into-unstable/) by Holger Levsen. This was in order to incorporate a fix by Vagrant Cascadian to fix a build failure caused by extra whitespace in a previous `debian/changelog` entry. [[...](https://salsa.debian.org/reproducible-builds/reprotest/-/commit/1ebdf3e8dbc59958d0868377fce83a8e00f0dff0)]
-* [FIXME](https://hal.science/hal-05326226/document)
+<br>
+<br>
-* FIXME: the summit in vienna... pics, agenda, notes, etc
+Finally, if you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
-* FIXME: rebuilderd: MR184 was merged after intensive summit
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
-* FIXME: https://www.heise.de/en/news/FreeBSD-shortly-before-15-0-Trust-is-good-reproducibility-is-better-10965171.html
+ * Mastodon: [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
=====================================
images/reports/2025-10/2508.01530.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/2508.01530.png differ
=====================================
images/reports/2025-10/2510.02251.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/2510.02251.png differ
=====================================
images/reports/2025-10/Fu3laL5VYdM.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-10/Fu3laL5VYdM.jpg differ
=====================================
images/reports/2025-10/Kofler.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/Kofler.png differ
=====================================
images/reports/2025-10/aaltodoc.aalto.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/aaltodoc.aalto.png differ
=====================================
images/reports/2025-10/debian.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/debian.png differ
=====================================
images/reports/2025-10/fedora.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/fedora.png differ
=====================================
images/reports/2025-10/freebsd.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/freebsd.png differ
=====================================
images/reports/2025-10/golang.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/golang.png differ
=====================================
images/reports/2025-10/guix.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/guix.png differ
=====================================
images/reports/2025-10/hal-05326226.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/hal-05326226.png differ
=====================================
images/reports/2025-10/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/reproducible-builds.png differ
=====================================
images/reports/2025-10/signal.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/signal.png differ
=====================================
images/reports/2025-10/summit.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-10/summit.jpg differ
=====================================
images/reports/2025-10/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/testframework.png differ
=====================================
images/reports/2025-10/transparencydevsummit.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/transparencydevsummit.png differ
=====================================
images/reports/2025-10/website.png
=====================================
Binary files /dev/null and b/images/reports/2025-10/website.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/dadb9231b6b8b20f980436b948192f5458bd8ab4
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/dadb9231b6b8b20f980436b948192f5458bd8ab4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20251103/7fb15ce2/attachment.htm>
More information about the rb-commits
mailing list