breaking CI if build is not reproducible?
Hans-Christoph Steiner
hans at guardianproject.info
Mon Jun 12 11:48:33 UTC 2023
Nicolas Vigier:
> On Wed, 07 Jun 2023, David A. Wheeler wrote:
>
>>
>>> On Jun 7, 2023, at 9:50 AM, Martin Monperrus <martin.monperrus at gnieh.org> wrote:
>>>
>>> Hi all,
>>>
>>> We're researching on build reproducibility.
>>>
>>> Are you aware of any project where reproducibility is checked in a continuous integration pipeline?
>>
>> I think the Tor project does, but you'd need to ask them to verify.
>
> We manually check that each new Tor Browser release is reproducible.
> But we currently don't do that in CI.
F-Droid does it when app updates are submitted via merge request.
https://gitlab.com/fdroid/fdroiddata/-/merge_requests/
.hc
--
Signal: +13478504872
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://keys.openpgp.org/search?q=EE6620C7136B0D2C456C0A4DE9E28DEA00AA5556
More information about the rb-general
mailing list