[rb-general] Change front page definition

Eli Schwartz eschwartz at archlinux.org
Mon Apr 22 20:42:14 CEST 2019


On 4/4/19 11:25 AM, David A. Wheeler wrote:
> The front page has this definition:
> 
>> Reproducible builds are a set of software development practices
>> that create an independently-verifiable path from source to binary
>> code.
> 
> The word "path" here is confusing.  A "path" can be interpreted as
> being a "process", so it sounds like the only requirement is that you
> can rerun the *process*.  But that's not enough to be reproducible -
> you have to have identical *results*!  That is not at all clear from
> this definition.
> 
> That front page links to a different definition:
> 
>> A build is reproducible if given the same source code, build
>> environment and build instructions, any party can recreate
>> bit-by-bit identical copies of all specified artifacts.
> 
> I like this definition much more; it is much less ambiguous.  You
> could add "(e.g., executables)." after "artifacts" if you think that
> artifacts is too abstract.
> 
> Can we simply copy this definition to the front page & use this
> definition instead on https://reproducible-builds.org/ ?
> 
> Sorry to (re)start a definition war, but when I came back to look at
> the definition (while trying to explain it to someone else) I found
> it led to more questions than answers.

What about switching from:

Reproducible builds are a set of software development practices that
create an independently-verifiable path from source to binary code.
([more](link target))

To:

Reproducible builds are a set of software development practices that
create an independently-verifiable, trusted path from source code to a
specific binary artifact. Reproducible builds have many factors; for
more details, see the [technical definition](link target).

...

This clarifies that we care about reproducing a specific artifact, not
just reproducing the creation of "an" artifact.

Artifacts != executables and we should *not* lock ourselves into a
corner over whether this only applies to something in the ELF/PE/Mach-O
file formats. Also there can be lots of different executables for a
project that do the same thing e.g. compiled by and for different
distros, but "artifact" implies a lot more uniqueness.

Then immediately further down the main page, we already have a section
for "Why does it matter?", which can provide any additional
clarification needed about the tagline.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User
