[rb-general] What is the goal of reproducible builds?

Arnout Engelen arnout at bzzt.net
Mon Dec 9 14:31:21 UTC 2019


On Mon, Dec 9, 2019 at 2:39 PM Bernhard M. Wiedemann
<bernhardout at lsmod.de> wrote:
> TLDR:
> The goal of reproducible builds is to reduce the likelihood of running
> software that was corrupted (during build)

I agree this is the primary/ultimate goal.

As a software developer, I have a closely related but somewhat smaller goal:
I want to reduce the likelihood of shipping software that was corrupted (during
build).

The reason I think it is interesting to identify this as an explicit (sub)goal
is that it needs much less infrastructure to achieve: I already know what the
canonical location of my sources is, and I 'just' need to configure multiple
independent infrastructures to build the sources and compare the results.

I think such subgoals would also be useful in encouraging projects to set
up reproducible builds, and show them they can get certain advantages
even if they're not going 'all the way' just yet. I think it might be a fun
encouragement to award projects 'shields' for each level, but hadn't
gotten to properly writing that up yet. WiP at
https://salsa.debian.org/reproducible-builds/reproducible-website/merge_requests/new/diffs?utf8=%E2%9C%93&merge_request%5Bsource_project_id%5D=26278&merge_request%5Bsource_branch%5D=shields&merge_request%5Btarget_project_id%5D=26278&merge_request%5Btarget_branch%5D=master#869d49514c880baf8ed280ee3fce7cb0e50066d8

> discussions on mailing lists are often not easy to condense into such a document

True, sorry, I didn't feel this was quite fully baked enough to add there
without discussion ;).

> At the summit we had a session on how/what the r-b/verification
> User-Experience (e.g. of apt) should be and found that it should be
> shaped by the goal of r-b.

Yes, that is very sensible.


Arnout
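
Added example (not part of the original message, and not code from the
reproducible-builds project): one way to do the "build on multiple independent
infrastructures and compare the results" step described above. The builder
names, artifact names and sample bytes are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def digest_outputs(outputs):
    """Map artifact name -> SHA-256 hex digest for one builder's outputs."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in outputs.items()}


def compare_builders(manifests):
    """Compare per-builder manifests of the form {builder: {artifact: digest}}.

    Returns (ok, report). ok is True only when at least two builders took part
    and every artifact was produced by all of them with a single digest.
    """
    report = {"reproduced": [], "divergent": {}, "missing": {}}
    builders = sorted(manifests)
    artifacts = sorted({a for m in manifests.values() for a in m})
    for artifact in artifacts:
        by_digest, absent = defaultdict(list), []
        for builder in builders:
            digest = manifests[builder].get(artifact)
            if digest is None:
                absent.append(builder)      # this builder never produced it
            else:
                by_digest[digest].append(builder)
        if absent:
            report["missing"][artifact] = absent
        if len(by_digest) > 1:              # builders disagree on the bytes
            report["divergent"][artifact] = dict(by_digest)
        if not absent and len(by_digest) == 1:
            report["reproduced"].append(artifact)
    ok = (len(builders) >= 2 and bool(artifacts)
          and len(report["reproduced"]) == len(artifacts))
    return ok, report


# Constructed sample: builder-c embeds a build date, so its app.jar differs.
SAMPLE = {
    "builder-a": digest_outputs({"app.jar": b"classes-v1", "app-sources.jar": b"src-v1"}),
    "builder-b": digest_outputs({"app.jar": b"classes-v1", "app-sources.jar": b"src-v1"}),
    "builder-c": digest_outputs({"app.jar": b"classes-v1 built 2019-12-09",
                                 "app-sources.jar": b"src-v1"}),
}

if __name__ == "__main__":
    ok, report = compare_builders(SAMPLE)
    print("safe to ship:", ok)
    for artifact, groups in report["divergent"].items():
        for digest, who in groups.items():
            print(f"  {artifact} {digest[:12]} <- {', '.join(who)}")
```

A single builder never yields ok=True here, since one build has nothing to be
compared against.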

