"Reproducible build" definition in OpenSSF glossary
Roland Clobus
rclobus at rclobus.nl
Thu Apr 24 05:11:06 UTC 2025
Hello list,
On 24/04/2025 02:56, John Gilmore wrote:
> fosslinux via rb-general <rb-general at lists.reproducible-builds.org> wrote:
>> Absolutely agreed! So let's have a definition that clearly defines top-down work as progress toward reproducibility. :D
>
> I am happy to see all sorts of progress toward reproducible
> distributions, whether it involves compiling from source code, or
> otherwise.
>
> Perhaps the definition of a "pure function" from mathematical computer
> science can help:
>
> https://en.wikipedia.org/wiki/Pure_function
Or this analogy that I came up with after a good night of sleep:
Building a live ISO image is similar to a statically linked C program.
Human input (i.e. source code): a) the configuration files b) a .c file
-> primarily plain text
Tool: a) live-build b) a c-compiler
Files internally used by the tool: a) .deb files b) .a files -> all binary
Output: a) ISO file b) a statically linked executable
With this analogy, we don't need to tweak the definition of source code
and image building tools (also including Docker images) can still be
part of the definition of reproducible builds.
With kind regards,
Roland Clobus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20250424/0317b0f4/attachment.sig>
More information about the rb-general
mailing list