"Reproducible build" definition in OpenSSF glossary
David A. Wheeler
dwheeler at dwheeler.com
Thu May 15 22:13:50 UTC 2025
> On May 11, 2025, at 5:14 PM, Vagrant Cascadian <vagrant at reproducible-builds.org> wrote:
> The definition as it stands does have some oddness when considering
> things like system images, container images, etc. and I feel very mixed
> about letting go of the focus on source code, even though I do think
> there is space to call some of these usefully reproducible, I very much
> worry about diluting the Reproducible Builds definition too much to
> accommodate them; I have the strong suspicion there will be unintended
> consequences.
Do others also have that concern?
If so, there's a simple solution: Use the two original definitions
of reproducible builds (combined so they don't conflict) that *require*
source code, and provide a new term for the case where you don't necessarily
have source code (for the Debian ISO case). I suggest calling these
"regeneratable builds" and make it clear that these two ideas are
very similar but not *exactly* the same.
Would that be better?
--- David A. Wheeler