"Reproducible build" definition in OpenSSF glossary

Aman Sharma amansha at kth.se
Tue Apr 22 15:47:27 UTC 2025


Hi all,


I tend to follow the definition that is stated in Reproducible Builds: Increasing the Integrity of Software Supply Chains <https://ieeexplore.ieee.org/abstract/document/9403390>: "The build process of a software product is reproducible if, after designating a specific version of its source code and all of its build dependencies, every build produces bit-for-bit identical artifacts, no matter the environment in which the build is performed."


The difference between the definition proposed on OpenSSF and the above is the usage of the "environment".

  1.  The definition above claims that the build should be reproducible regardless of environment.
  2.  The definition on OpenSSF claims that the build should take the "build environment" into account to be reproducible.

But I believe environment in the first definition refers to the environment in general (OS, architecture, for example), while in the second it refers to the build tools used (compilers, for example).

Regards,
Aman Sharma

PhD Student
KTH Royal Institute of Technology
School of Electrical Engineering and Computer Science (EECS)
Department of Theoretical Computer Science (TCS)
<http://www.kth.se>
<https://www.kth.se/profile/amansha>
https://algomaster99.github.io/
________________________________
From: rb-general <rb-general-bounces at lists.reproducible-builds.org> on behalf of David A. Wheeler via rb-general <rb-general at lists.reproducible-builds.org>
Sent: Tuesday, April 22, 2025 5:37:50 PM
To: General discussions about reproducible builds
Cc: David A. Wheeler
Subject: "Reproducible build" definition in OpenSSF glossary

The OpenSSF is building a "glossary" set (so we consistently use the
same meaning for the same term), and I drafted a definition for "reproducible build"
based on this group:

https://glossary.openssf.org/reproducible-build/

If there's an issue please let me know!

--- David A. Wheeler
