How could we accelerate *deployment* of verified reproducible builds?
David A. Wheeler
dwheeler at dwheeler.com
Sat Jan 30 16:27:31 UTC 2021
> On Jan 30, 2021, at 7:22 AM, Holger Levsen <holger at layer-acht.org> wrote:
>
> On Fri, Jan 29, 2021 at 05:39:01PM -0500, David A. Wheeler wrote:
>> What would be especially helpful for accelerating deployment of verified reproducible builds in a few key places? E.g., what tools, infrastructure, people paid to do XYZ?
>
> first, having verified reproducible builds! then, we can deploy them.
Technically correct, the best kind of correct :-). And to be fair, there *are* some reproducible builds (as others have noted).
But I want to see them accelerated into more key places. An unfair counter statement could be “you’ve been at this a while, why aren’t you done?”. I think that’s unfair because it’s not so easy; there are many little things that have to be done (timestamps set, collections forced into specific orders, etc.). But what would it take to accelerate things?
--- David A. Wheeler
More information about the rb-general
mailing list