[rb-general] [PATCH] docs: Add a definition of "reproducible"

Clemens Lang cal at macports.org
Tue Dec 20 01:28:22 CET 2016

From: Clemens Lang <neverpanic at gmail.com>

Add the definition of reproducible as drafted at the reproducible builds
world summit in Berlin. Thanks to all participants in the sessions that
worked these out!
 _data/docs.yml      |  1 +
 _docs/definition.md | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 _docs/definition.md

diff --git a/_data/docs.yml b/_data/docs.yml
index dd85141..8440061 100644
--- a/_data/docs.yml
+++ b/_data/docs.yml
@@ -1,5 +1,6 @@
 - title: Best practices
+  - definition
   - plans
   - buy-in
   - test-bench
diff --git a/_docs/definition.md b/_docs/definition.md
new file mode 100644
index 0000000..16b547a
--- /dev/null
+++ b/_docs/definition.md
@@ -0,0 +1,34 @@
+title: When is a build "reproducible"?
+layout: docs
+permalink: /docs/definition/
+A build is reproducible if, given the same source code, build environment and
+build instructions, any party can recreate bit-by-bit identical copies of all
+specified artifacts.
+The relevant attributes of the build environment, the build instructions and
+the source code, as well as the expected reproducible artifacts, are defined by
+the authors or distributors. The artifacts of a build are the parts of the
+build results that are the desired primary output.
+## Explanations
+Source code is usually a version control checkout at a specific revision or
+a source code archive.
+Relevant attributes of the build environment would usually include dependencies
+and their versions, build configuration flags and some environment variables as
+far as they are used by the build system, such as for example, locale. It is
+preferable to reduce the set of relevant attributes of the build environment.
+Artifacts, for example, would include executables, distribution packages or
+filesystem images. They would usually not include a build log or similar
+secondary outputs.
+The reproducibility of artifacts is verified by bit-by-bit comparison. This is
+usually achieved using cryptographically secure hash functions.
+Authors or distributors means parties that claim reproducibility of a set of
+artifacts. These may be upstream authors, distribution maintainers or any other

More information about the rb-general mailing list