Introducing: Semantically reproducible builds

Clemens Lang cal at
Sun May 28 21:03:18 UTC 2023

On Fri, May 26, 2023 at 04:06:44PM -0400, David A. Wheeler wrote:
> Reproducible builds are great for showing that a package really was
> built from some given source, but sometimes they're hard to do.
> If your primary goal is to determine where the major risks are from
> subverted builds, I think a useful backoff is something called a
> "semantically reproducible build". (This term was decided on in a
> discussion with some other people & now I can't remember who came up
> with the term.)

Back when we worked on the definition [1] of reproducible builds, we
used to call these "repeatable" or "equivalent" [2] to differentiate
them from bit-by-bit reproducibility. Maybe this could be used again in
this case, e.g., by publishing a definition of a "semantically
repeatable build" or "semantically equivalent build"?



More information about the rb-general mailing list