Please review the draft for March's report

kpcyrd kpcyrd at
Wed Apr 10 11:42:12 UTC 2024

On 4/10/24 12:58 PM, Chris Lamb wrote:

> Reproducible builds developer kpcyrd reported that the Arch
> Linux "minimal container userland" is now 100% reproducible after work
> by developers dvzv and Foxboron on the one remaining package. The post,
> which kpcyrd suffixed with the question "now what?", continues on to
> outline some potential next steps, including validating whether the
> container image itself could be reproduced bit-for-bit. The post
> generated a significant number of replies.

Thanks for the kind words :) maybe it should be listed higher though, in 
its own section, as "major accomplishment within the community"?

It's also missing both the backseat-signed tool and the discussion in 
its thread that highlights the idea of "maybe we should put unmodified 
git snapshots into .orig.tar.xz instead of allowing undocumented 
pre-processing", for the security properties this would have. 
Unfortunately the repo of the project is currently difficult to clone, 
I've put 60MB of test data into git LFS, but GitHub only grants 1GB of 
traffic on free tier, allowing about 16 clones. The files can currently 
not be downloaded because I'd need to buy data packs.

I also didn't have any time to continue the email thread, however I 
think I have made all my points sufficiently clear, for the people 
reading the thread in the future.

There's currently a similar discussion on Hacker News:


