r-b as a recommendation in standards

Larry Doolittle larry at doolittle.boa.org
Thu Sep 26 15:40:36 UTC 2024


Bernhard -

On Thu, Sep 26, 2024 at 09:24:44AM +0200, Bernhard M. Wiedemann via rb-general wrote:
> At our summit in Hamburg we discussed that r-b should be listed as a
> recommendation or requirement in new standards to encourage people to ensure
> builds are reproducible.
> Via [1] I found 3 relevant standards:

This sounds like info that would be nice to collect and post at r-b.org.
Another that I know of is

Securing the Software Supply Chain: Recommended Practices for Managing Open-Source Software and Software Bill of Materials
https://media.defense.gov/2023/Dec/11/2003355557/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN%20RECOMMENDED%20PRACTICES%20FOR%20MANAGING%20OPEN%20SOURCE%20SOFTWARE%20AND%20SOFTWARE%20BILL%20OF%20MATERIALS.PDF
August 2022, 64-page PDF by a consortium of U.S. Government agencies.
Unfortunately R-B is only mentioned a couple of times, but it is there.
See Requirement ID REB-1.

  - Larry

