i-probably-didnt-backdoor-this: Reproducible Builds for upstreams
Holger Levsen
holger at layer-acht.org
Fri Aug 20 13:23:11 UTC 2021
hi kpcyrd,
On Thu, Aug 19, 2021 at 11:16:29PM +0000, kpcyrd wrote:
> I uploaded a github repo that distributes a Hello World in various
> formats (ELF binary, Docker image, 3rd party(!) Arch Linux package) and
> documented every file and command needed to reproduce the artifacts
> bit-for-bit:
>
> https://github.com/kpcyrd/i-probably-didnt-backdoor-this
>
> I'm not very confident with the reproducible docker image yet, but the
> rest should be ok. I'm planning to combine this with the reproducible Alpine
> Raspberry Pi images me and other people have been working on.
wow, that's awesome! Very much the direction we need to be moving with
Reproducible Builds as well..!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Alles weird gut.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210820/ca33a845/attachment.sig>
More information about the rb-general
mailing list