[Git][reproducible-builds/reproducible-website][master] 2026-02: remove duplicated academic-papers section

Wed Mar 11 10:24:21 UTC 2026


James Addison pushed to branch master at Reproducible Builds / reproducible-website


Commits:
36ce8706 by James Addison at 2026-03-11T10:23:31+00:00
2026-02: remove duplicated academic-papers section

(after confirming that they are bit-for-bit identical)

Ref / credit: https://lists.reproducible-builds.org/pipermail/rb-general/2026-March/004055.html

- - - - -


1 changed file:

- _reports/2026-02.md


Changes:

=====================================
_reports/2026-02.md
=====================================
@@ -107,49 +107,6 @@ Once again, there were a number of improvements made to our website this month i
 
 <br>
 
-### Four new academic papers
-
-[![]({{ "/images/reports/2026-02/2601.20662.png#right" | relative_url }})](https://arxiv.org/abs/2601.20662)
-
-Julien Malka and Arnout Engelen published a paper titled [*Lila: Decentralized Build Reproducibility Monitoring for the Functional Package Management Model*](https://arxiv.org/abs/2601.20662):
-
-> [While] recent studies have shown that high reproducibility rates are achievable at scale — demonstrated by the Nix ecosystem achieving over 90% reproducibility on more than 80,000 packages — the problem of effective reproducibility monitoring remains largely unsolved. In this work, **we address the reproducibility monitoring challenge by introducing *Lila*, a decentralized system for reproducibility assessment tailored to the functional package management model.** Lila enables distributed reporting of build results and aggregation into a reproducibility database […].
-
-A [PDF](https://arxiv.org/pdf/2601.20662) of their paper is available online.
-
-<br>
-
-[![]({{ "/images/reports/2026-02/2602.11887.png#right" | relative_url }})](https://arxiv.org/abs/2602.11887)
-
-Javier Ron and Martin Monperrus of [KTH Royal Institute of Technology](https://www.kth.se/en), Sweden, also published a paper, titled [*Verifiable Provenance of Software Artifacts with Zero-Knowledge Compilation*](https://arxiv.org/abs/2602.11887):
-
-> Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular technique, called reproducible builds, requires difficult matching and reexecution of build toolchains and environments. **We propose a novel approach to verifiable provenance based on compiling software with zero-knowledge virtual machines (zkVMs).** By executing a compiler within a zkVM, our system produces both the compiled output and a cryptographic proof attesting that the compilation was performed on the claimed source code with the claimed compiler. […]
-
-A [PDF](https://arxiv.org/pdf/2602.11887) of the paper is available online.
-
-<br>
-
-[![]({{ "/images/reports/2026-02/2602.17678.png#right" | relative_url }})](https://arxiv.org/abs/2602.17678)
-
-Oreofe Solarin of [Department of Computer and Data Sciences](https://engineering.case.edu/computer-and-data-sciences), [Case Western Reserve University](https://case.edu/), Cleveland, Ohio, USA, published [*It's Not Just Timestamps: A Study on Docker Reproducibility*](https://arxiv.org/abs/2602.17678):
-
-> Reproducible container builds promise a simple integrity check for software supply chains: rebuild an image from its Dockerfile and compare hashes. **We built a Docker measurement pipeline and apply it to a stratified sample of 2,000 GitHub repositories that contained a Dockerfile. We found that only 56% produce any buildable image, and just 2.7% of those are bitwise reproducible without any infrastructure configurations.** After modifying infrastructure configurations, we raise bitwise reproducibility by 18.6%, but 78.7% of buildable Dockerfiles remain non-reproducible.
-
-A [PDF](https://arxiv.org/pdf/2602.17678) of Oreofe's paper is available online.
-
-<br>
-
-[![]({{ "/images/reports/2026-02/2602.19383.png#right" | relative_url }})](https://arxiv.org/abs/2602.19383)
-
-Lastly, Jens Dietrich and Behnaz Hassanshahi published [*On the Variability of Source Code in Maven Package Rebuilds*](https://arxiv.org/abs/2602.19383):
-
-> [In] this paper we test the assumption that the same source code is being used [by] alternative builds. To study this, we compare the sources released with packages on Maven Central, with the sources associated with independently built packages from Google's [Assured Open Source](https://cloud.google.com/security/products/assured-open-source-software) and Oracle's Build-from-Source projects. […]
-
-A [PDF](https://arxiv.org/pdf/2602.19383) of their paper is available online.
-
-<br>
-
-
 ### Four new academic papers
 
 [![]({{ "/images/reports/2026-02/2601.20662.png#right" | relative_url }})](https://arxiv.org/abs/2601.20662)



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/36ce870611f9100c23d91914708b83fea6a278e9

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/36ce870611f9100c23d91914708b83fea6a278e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20260311/9eb9d32b/attachment.htm>
