[rb-general] Debian buster, 54% reproducible in practice (Re: Core Debian reproducibility: 57% and rising!)

David A. Wheeler dwheeler at dwheeler.com
Sat Mar 2 00:01:09 CET 2019

On Fri, 1 Mar 2019 18:43:11 +0000, Holger Levsen <holger at layer-acht.org> wrote:
> For now, my headline for this is "Debian Buster: 93% reproducible in
> theory, 54% in practice". And while I'm saddened by the 'downgrade' in 
> percentage, I'm delighted we've reached the next level: real world 
> reproducibility. I'm also hopeful we'll find ways to climb from 54% to
> somewhat higher soon.

Totally understandable, but I would encourage you to be delighted :-).
Making things work "in the lab" is vital, but only if it eventually leads
to improvements in the real world.  Another way to look at it is....

The *majority* (54%) of packages in real-world Debian Buster are now reproducible!!

That's quite an achievement.  I expected that to take longer, to be honest.
And while 100% should be the end-goal, partial completion is still worthwhile.
Every time a package is made reproducible, it eliminates another place
where binaries can have undetected malicious code inserted
(assuming the toolsuite is not malicious), and the continued progress
might even dissuade attackers from trying.

--- David A. Wheeler
