[rb-general] Reproducible builds discussed in Apache Software Foundation (ASF) legal-discuss mailing list

Bernhard M. Wiedemann bernhardout at lsmod.de
Thu Jan 24 16:57:49 CET 2019

On 23/01/2019 00.08, David A. Wheeler wrote:
> FYI, the "legal-discuss at apache.org" mailing list is having an active discussion about doing reproducible builds for Apache Software Foundation (ASF) projects under the topic "RE: Binary channels".  You can see that here:
> https://lists.apache.org/list.html?legal-discuss@apache.org
> Their legal group is concerned about binaries released by the ASF - officially the ASF only releases source code, but in practice they release binaries - and how do they know they're okay?  One answer is to use reproducible builds.  I've been advocating for reproducible builds from the ASF, and thought you'd like to know. 

Even if they did not distribute binaries of their software, others will
do that and will face similar r-b issues.
So it is good to solve r-b issues at the root (aka upstream).

One example of how _not_ to do it can be seen in:

