"Reproducible build" definition in OpenSSF glossary
David A. Wheeler
dwheeler at dwheeler.com
Sat Jul 12 15:22:00 UTC 2025
> On Jul 2, 2025, at 4:49 AM, Holger Levsen <holger at layer-acht.org> wrote:
>
>
> I'm not particularly keen on continuing this discussion here, right
> now (holiday season and all that) and would rather we continue to
> prepare for having this discussion at the summit, possibly by preparing
> some coherent statements on wikis or some such. (=a static place, not
> a mailing list post.)

Sadly, I don't plan to be at that summit, and I suspect others won't be able to
be there either.

To be clear: my goal is to have a *clear* definition of "reproducible builds".
I see at least 2 options:

1. My earlier proposal, expanding the definition slightly to include what Debian does
   for its full images (to handle binary blobs).
2. A stricter ("original") definition that requires source code for what is being built.
   In that case, I think it'd be important to define some *other* term, because what Debian
   does is important & clearly related.

I'm okay with either. There are good arguments for keeping a stricter definition,
as long as there is *some* way to discuss approaches to loosening it.

--- David A. Wheeler