"Reproducible build" definition in OpenSSF glossary

Ismael Luceno ismael at iodev.co.uk
Wed Jul 2 14:38:12 UTC 2025


On 02/Jul/2025 09:34, Simon Josefsson via rb-general wrote:
<...> 
> The Debian LiveCD doesn't fulfil your requirements.  It is built from
> pre-built binaries, some of them cannot be rebuilt reproducible, and
> some of them we don't have source code for.  This is not a bug that
> Debian community desire to see fixed, it is is encoded in the social
> contract (which of course could be modified again, but that's another
> discussion..).
> 
> I think the Debian LiveCD build process is reproducible enough to be
> allowed to use some reproducibility term.  We've seen a lot of
> fragmentation in the FOSS community over the years on fairly minor
> philosophical grounds, while strongly proprietary systems like iPhone or
> Windows wins ground.  I'm hoping we can defragment the reproducible
> build situation by inventing terminology that covers different
> situations.

Or we could do productive things like moving blobs somewhere else.

What are the technical limitations preventing blobs to live in a
secondary image?


More information about the rb-general mailing list