[Git][reproducible-builds/reproducible-lfs][master] transparency.dev summit talk: done, update todo
Holger Levsen (@holger)
gitlab at salsa.debian.org
Tue Oct 21 11:49:29 UTC 2025
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-lfs
Commits:
b095dd71 by Holger Levsen at 2025-10-21T13:49:19+02:00
transparency.dev summit talk: done, update todo
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
1 changed file:
- presentations/2025-10-21-Reproducible-Builds-brief-summary-of-12-years-and-a-glimpse-into-the-future/todo
Changes:
=====================================
presentations/2025-10-21-Reproducible-Builds-brief-summary-of-12-years-and-a-glimpse-into-the-future/todo
=====================================
@@ -1,82 +1,3 @@
-sponsors wanted somewhere?
-
-rb definition
- who knew this?
- who is on this slides: we
- who knows diffoscope
- who knows S_D_E
-
-rb & transparency logs:
- reproducible builds are nice, but without transparency logs who knows whether r-b are really used?
- (similar to backups are nice/useless, but everybody wants restore)
- obviously transparency logs are also nice without r-b, but do you really want to run unreproducible software/
- software transparency, used in the real world?
-
-sigstore debian
-sigstore vs sigsum
-TL used in the real world?
-
-sigsum & sigstore
- two different tools / implementations
-
-real world transparency
- ssl certs
- go
- android firmware
- linux firmware
- imessages
- applecloud
-hardly software, correct me if i'm wrong :)
-
-transparency world:
- log operators
- witnesses
-r-b world
- log operators
- rebuilders
- witnesses
--> probs double
-
-
-about me:
- i might not be aware of some CT efforts re: r-b
-
-r-b.o history
-rb history goes further back
-
-rb website with docs
-rb summit, this year in vienna
-
-previously ci tests
-now rebuilderd for arch, debian & fedora
-fedora release milestone
-suse rb-one or whatever thats called
-also: tails, fdroid, maven central, signal
-
-transparency logs
-personally i like them since 2015
- someone should do them ;)
- for the communities
-i am here to collaborate
-q & a / discussion
- be the change you want to see in the FLOSS world
-
-up until a year ago, there were only a few rebuilderd instances for archlinux
- no idea why they havent done transparency logs
- neither nix
-
-maybe
- mention bootstrappable
- mention whatsrc: kpcyrd> | 13:56:05> h01ger: you could include something like "since we do a verified path from source to binary, we still need to have transparency/consensus about our source inputs" and then point out that whatsrc came out of the reproducible builds community because of this :)
-
- be the change you want to see in Debian/Arch/Nix/whatever
- I'll be happy to help, if you need help and if i can help
-
-
-update
-
-
-
debian
specs: rebuilderd
(DBs for 5 archs are 123G but 3.4G compressed)
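Review bot: The removed block under "maybe" (mention bootstrappable, and the quoted kpcyrd suggestion about whatsrc), along with open questions such as "sigstore vs sigsum" and "TL used in the real world?", is deleted together with the rest of the outline, so after this change those items survive only in git history. If any of them were not covered in the talk, consider keeping them in the todo or moving the outline into a separate notes file next to the slides. The three lines that remain ("debian", "specs: rebuilderd", and the DB size remark) do not say what is still to be done; a short verb per item would make the remaining todo actionable.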
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-lfs/-/commit/b095dd71a67fefb04e9eef2f0447cbe20e73cdb7