[rb-general] Reproducible builds discussed in Apache Software Foundation (ASF) legal-discuss mailing list

Holger Levsen holger at layer-acht.org
Fri Jan 25 02:08:20 CET 2019

On Tue, Jan 22, 2019 at 06:08:47PM -0500, David A. Wheeler wrote:
> FYI, the "legal-discuss at apache.org" mailing list is having an active discussion about doing reproducible builds for Apache Software Foundation (ASF) projects under the topic "RE: Binary channels".  You can see that here:
> https://lists.apache.org/list.html?legal-discuss@apache.org
> Their legal group is concerned about binaries released by the ASF - officially the ASF only releases source code, but in practice they release binaries - and how do they know they're okay?  One answer is to use reproducible builds.  I've been advocating for reproducible builds from the ASF, and thought you'd like to know. 

David, thanks a lot for sharing this pretty interesting story! I'm
curious when (or if?) they actually release verifiable, reproducible

is a URL for those not finding the search form...


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20190125/a9414dcf/attachment.sig>

More information about the rb-general mailing list