i-probably-didnt-backdoor-this: Reproducible Builds for upstreams

Holger Levsen holger at layer-acht.org
Fri Aug 20 13:23:11 UTC 2021

hi kpcyrd,

On Thu, Aug 19, 2021 at 11:16:29PM +0000, kpcyrd wrote:
> I uploaded a github repo that distributes a Hello World in various
> formats (ELF binary, Docker image, 3rd party(!) Arch Linux package) and
> documented every file and command needed to reproduce the artifacts
> bit-for-bit:
> https://github.com/kpcyrd/i-probably-didnt-backdoor-this
> I'm not very confident with the reproducible docker image yet, but the
> rest should be ok. I'm planning to combine this with the reproducible Alpine
> Raspberry Pi images me and other people have been working on.

wow, that's awesome! Very much the direction we need to be moving with
Reproducible Builds as well..!


 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C

Alles weird gut.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210820/ca33a845/attachment.sig>

More information about the rb-general mailing list