Introducing: Semantically reproducible builds
Andreas Enge
andreas at enge.fr
Fri Jun 2 16:26:08 UTC 2023
Hello,
Am Fri, Jun 02, 2023 at 11:39:42AM -0400 schrieb David A. Wheeler:
> I think the OSSGadget folks aren't fussed about this, because they're merely using this definition to explain what they're doing.
my first reaction also was "this is not a definition"! They are a few vague
words describing a property that, defined strictly (for instance something
like: "Two binaries are semantically equivalent if run in any environment
with any input they produce identical outputs and side effects"), is
certainly undecidable - it requires being able to decide the halting problem.
Reproducible builds are easily decidable and imply what one really wants,
semantic equivalence.
Of course one can then pile up any number of heuristics and one-sided tests
and conclude that one has not found a proof that two different binaries are
semantically inequivalent, but this is not a proof that they are semantically
equivalent (just as no number of tests proves that some code is correct).
> I think their answer on "are these semantically equivalent" would be, "run the current version of OSSGadget and the answer is what it says". It's a very straightward operational definition once put that way :-).
Then they could call it "OSSGadget-equivalent"...
Andreas
More information about the rb-general
mailing list