Introducing: Semantically reproducible builds

Clemens Lang cal at macports.org
Sun May 28 21:03:18 UTC 2023


On Fri, May 26, 2023 at 04:06:44PM -0400, David A. Wheeler wrote:
> Reproducible builds are great for showing that a package really was
> built from some given source, but sometimes they're hard to do.
> 
> If your primary goal is to determine where the major risks are from
> subverted builds, I think a useful backoff is something called a
> "semantically reproducible build". (This term was decided on in a
> discussion with some other people & now I can't remember who came up
> with the term.)

Back when we worked on the definition [1] of reproducible builds, we
used to call these "repeatable" or "equivalent" [2] to differentiate
them from bit-by-bit reproducibility. Maybe this could be used again in
this case, e.g., by publishing a definition of a "semantically
repeatable build" or "semantically equivalent build"?

[1] https://reproducible-builds.org/docs/definition/
[2] https://reproducible-builds.org/events/berlin2016/reproduciblebuildsdefinitionII/

HTH,
Clemens

