[Git][reproducible-builds/reproducible-website][master] 2 commits: 2015-10: Misc changes prior to publication.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Wed Nov 5 21:01:29 UTC 2025 


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
668b7ccf by Chris Lamb at 2025-11-05T13:01:19-08:00
2015-10: Misc changes prior to publication.

- - - - -
bb329e3c by Chris Lamb at 2025-11-05T13:01:21-08:00
published as https://reproducible-builds.org/reports/2025-10/

- - - - -


2 changed files:

- _reports/2025-10.md
- images/reports/2025-10/summit.jpg


Changes:

=====================================
_reports/2025-10.md
=====================================
@@ -3,42 +3,46 @@ layout: report
 year: "2025"
 month: "10"
 title: "Reproducible Builds in October 2025"
-draft: true
+draft: false
+date: 2025-11-05 21:01:21
 ---
 
 **Welcome to the October 2025 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
 {: .lead}
 
-[![]({{ "/images/reports/2025-09/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
+[![]({{ "/images/reports/2025-10/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
 
 **Welcome to the very latest report from the [Reproducible Builds]({{ "/" | relative_url }}) project.** Our monthly reports outline what we've been up to over the past month, and highlight items of news from elsewhere in the increasingly-important area of software supply-chain security. As ever, if you are interested in contributing to the Reproducible Builds project, please see the [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
 
-<!--
-
 **In this report:**
 
-0. This section automatically populated prior to release.
-
--->
+0. [Farewell from the Reproducible Builds Summit 2025](#farewell-from-the-reproducible-builds-summit-2025)
+0. [Google’s Play Store breaks reproducible builds for Signal](#googles-play-store-breaks-reproducible-builds-for-signal)
+0. [Mailing list updates](#mailing-list-updates)
+0. [*The Original Sin of Computing…that no one can fix*](#the-original-sin-of-computingthat-no-one-can-fix)
+0. [Reproducible Builds at the Transparency.dev summit](#reproducible-builds-at-the-transparencydev-summit)
+0. [Supply Chain Security for Go](#supply-chain-security-for-go)
+0. [Three new academic papers published](#three-new-academic-papers-published)
+0. [Distribution work](#distribution-work)
+0. [Upstream patches](#upstream-patches)
+0. [Website updates](#website-updates)
+0. [Tool development](#tool-development)
 
 ---
 
 ### Farewell from the Reproducible Builds Summit 2025...
 
-[![]({{ "/images/reports/2025-09/summit.jpg#right" | relative_url }})]({{ "/events/vienna2025/" | relative_url }})
-FIXME: use this years picture
-
 Thank you to everyone who joined us at the [Reproducible Builds Summit]({{ "/events/vienna2025/" | relative_url }}) in Vienna, Austria!
 
-We were thrilled to host the eighth edition of this exciting event, following the success of previous summits in various iconic locations around the world, including Venice, Marrakesh, Paris, Berlin, Hamburg and Athens. During this event, participants had the opportunity to engage in discussions, establish connections and exchange ideas to drive progress in this vital field. Our aim was to create an inclusive space that fosters collaboration, innovation and problem-solving.
+[![]({{ "/images/reports/2025-10/summit.jpg" | relative_url }})]({{ "/events/vienna2025/" | relative_url }})
 
-The [agenda of those three main days]({{ "/events/vienna2025/agenda" | relative_url }}) is already available online, however some working sessions might still lack notes when this montly report has been published.
+We were thrilled to host the eighth edition of this exciting event, following the success of previous summits in various iconic locations around the world, including Venice, Marrakesh, Paris, Berlin, Hamburg and Athens. During this event, participants had the opportunity to engage in discussions, establish connections and exchange ideas to drive progress in this vital field. Our aim was to create an inclusive space that fosters collaboration, innovation and problem-solving.
 
-<br>
+The [agenda of the three main days]({{ "/events/vienna2025/agenda" | relative_url }}) is available online — however, some working sessions may still lack notes at time of publication.
 
-### rebuilderd setup tutorial
+One tangible outcome of the summit is that [Johannes Starosta](https://github.com/johannesst) finished their [*rebuilderd*](https://github.com/kpcyrd/rebuilderd) tutorial, which is now [available online](https://github.com/johannesst/rebuilderd-setup-tutorial?tab=readme-ov-file) and Johannes is actively seeking feedback.
 
-FIXME: Johannes finished his rebuilderd tutorial during the summit: https://github.com/johannesst/rebuilderd-setup-tutorial - feedback much appreciated!
+<br>
 
 ### Google's Play Store breaks reproducible builds for Signal
 
@@ -77,7 +81,7 @@ GNU developer Janneke Nieuwenhuizen followed-up with an email (additionally sent
 
 <br>
 
-### Reproducible Builds at Transparency.dev summit
+### Reproducible Builds at the Transparency.dev summit
 
 [![](/images/reports/2025-10/transparencydevsummit.png#right)](https://transparency.dev/summit2025/)
 
@@ -218,9 +222,7 @@ In addition, a number of contributors added a series of notes from our [recent s
 
 ### Tool development
 
-**diffoscope** version `307` was [uploaded to Debian unstable](https://tracker.debian.org/news/1685059/accepted-diffoscope-307-source-into-unstable/) by Chris Lamb, who made a number of changes including fixing compatibility with [LLVM version 21](https://releases.llvm.org/21.1.0/docs/ReleaseNotes.html) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/98886f43)], an attempt to automatically attempt to deploy to [PyPI](https://pypi.org/) by liaising with the PyPI developers/maintainers (with this experimental feature). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f74b61ff)]
-
-* Vagrant Cascadian updated *diffoscope* in GNU Guix to [307](https://codeberg.org/guix/guix/commit/0a5e1e5bcf1d85acbcc027318d0b97263ccf7040).
+**diffoscope** version `307` was [uploaded to Debian unstable](https://tracker.debian.org/news/1685059/accepted-diffoscope-307-source-into-unstable/) by Chris Lamb, who made a number of changes including fixing compatibility with [LLVM version 21](https://releases.llvm.org/21.1.0/docs/ReleaseNotes.html) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/98886f43)], an attempt to automatically attempt to deploy to [PyPI](https://pypi.org/) by liaising with the PyPI developers/maintainers (with this experimental feature). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f74b61ff)] In addition, Vagrant Cascadian updated *diffoscope* in GNU Guix to version [307](https://codeberg.org/guix/guix/commit/0a5e1e5bcf1d85acbcc027318d0b97263ccf7040).
 
 <br>
 <br>


=====================================
images/reports/2025-10/summit.jpg
=====================================
Binary files a/images/reports/2025-10/summit.jpg and b/images/reports/2025-10/summit.jpg differ



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/510ba4ebb785689875bef962a7f47acfe3497f34...bb329e3c1f72447d1b47bd95a2db1e65cf01db3b

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/510ba4ebb785689875bef962a7f47acfe3497f34...bb329e3c1f72447d1b47bd95a2db1e65cf01db3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20251105/b943a4c9/attachment.htm>

More information about the rb-commits mailing list