breaking CI if build is not reproducible?

Hans-Christoph Steiner hans at guardianproject.info
Mon Jun 12 11:48:33 UTC 2023



Nicolas Vigier:
> On Wed, 07 Jun 2023, David A. Wheeler wrote:
> 
>>
>>> On Jun 7, 2023, at 9:50 AM, Martin Monperrus <martin.monperrus at gnieh.org> wrote:
>>>
>>> Hi all,
>>>
>>> We're researching build reproducibility.
>>>
>>> Are you aware of any project where reproducibility is checked in a continuous integration pipeline?
>>
>> I think the Tor project does, but you'd need to ask them to verify.
> 
> We manually check that each new Tor Browser release is reproducible.
> But we currently don't do that in CI.

F-Droid does it when app updates are submitted via merge request.

https://gitlab.com/fdroid/fdroiddata/-/merge_requests/

.hc

-- 
Signal: +13478504872
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://keys.openpgp.org/search?q=EE6620C7136B0D2C456C0A4DE9E28DEA00AA5556


More information about the rb-general mailing list