Journal article in reproducible builds

Ludovic Courtès ludo at
Fri Dec 2 13:53:30 UTC 2022


Simon Butler via rb-general <rb-general at>

> I'm pleased to announce that Software Quality Journal have published a
> article on reproducible builds. The article is open access and is at

Thanks for the well-documented and insightful read!

In the “Findings” section, you write:

  We identified three areas in which R-Bs are or may be of value as
  day-to-day software engineering practices within the six businesses.
  The first is the verification of software binaries distributed by OSS
  projects.  Much of the OSS used in systems we develop is built from
  source, in some cases we are building on the software before
  contributing revisions upstream, or there is a need to audit the
  source code for reasons including licensing and security.

Would you be able to estimate, within those companies, the extent to
which engineers resort to building from source as opposed to fetching
pre-built binaries from Debian, PyPI, Conda, DockerHub, etc.?


More information about the rb-general mailing list