[rb-general] Change front page definition

David A. Wheeler dwheeler at dwheeler.com
Mon Apr 22 20:17:53 CEST 2019


> On Thu, Apr 18, 2019 at 05:03:18PM -0400, David A. Wheeler wrote:
> > A build is reproducible if given the same source code, build environment,
> > and build instructions, any party can independently verify all specified
> > artifacts it produces (e.g., executables) by recreating bit-by-bit identical
> > copies. 

On Mon, 22 Apr 2019 14:48:03 +0000, Holger Levsen <holger at layer-acht.org> wrote:
> It might be non-obvious from where those copies are coming from, or IOW
> that the hashes of these sources are part of the build instructions.

I don't think that should be specified in the definition.
It shouldn't matter how you got copies, as long as you have them.
Having hashes of sources in the build instructions can be a useful implementation
approach, but I don't think those should be required either (if you have the actual
sources, there's no particular reason to require the hashes as well).


> > Reproducible builds help counter both unintentional errors and
> > malicious builds.
> 
> they also help with many other things, so I think at the least the word
> 'both' is misleading here.

Fair point.  I think removing that word "both" is good enough.
New version of the summary motivation is:

Reproducible builds help counter unintentional errors and malicious builds.


> > The reproducible builds project is developing a set of
> > recommended software development practices and tools to enable all builds
> > to be reproducible.
> 
> maybe not 'a set' but rather 'sets'? atm we are also still actively
> prototyping, so sometimes we currently have several solutions/prototypes
> for one issue. (and sometimes thats entirely appropriate, but mostly not
> I'd say.)

Fair point, and it's probably unnecessary to mention either "set" or "sets".
Also, I don't think the project is developing all the tools that could be useful.
How about this as a summary description of the project?:

The reproducible builds project is developing tools and recommended
software development practices to enable all builds to be reproducible.


Again, the goal is to maximize clarity for newcomers.

--- David A. Wheeler


More information about the rb-general mailing list