[U-Boot] about reproducible builds (was Re: [PATCH v3 2/2] Makefile: Add SOURCE_DATE_TZ)

Holger Levsen holger at layer-acht.org
Wed Aug 26 11:29:09 CEST 2015


Hi Chris,

On Mittwoch, 26. August 2015, Chris Packham wrote:
> Just for my own understanding is the "reproducible team" a u-boot
> thing or a debian thing? I'm not really active in any of the debian
> projects so maybe someone there should pick this up if it's a debian
> thing.

the "reproducible team" so far involved has indeed been the "Debian
reproducible builds team", but we care about free software in general
and we also think that reproducible builds shall become the norm one day.

very short one paragraph summary:

With free software, anyone can inspect the source code for malicious flaws.
But Debian like most distributions provides binary packages to its users. The
idea of “deterministic” or “reproducible” builds is to empower anyone to
verify that no flaws have been introduced during the build process by
reproducing byte-for-byte identical binary packages from a given source. 

for a longer summary you might want to watch 
http://media.ccc.de/browse/conferences/camp2015/camp2015-6657-how_to_make_your_software_build_reproducibly.html
or
http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html
 - the latter explains the motivation behind our work in greater detail.

Or you can also read about this,
https://wiki.debian.org/ReproducibleBuilds/About (alone, the wiki has much
more information on other pages as well) has the following contents:

Why do we want reproducible builds?
Reproducing builds
 Recording the environment
 Reproduce the build environment
References
Presentations
Publicity
Related projects
Further work

Last but not least, the Debian reproducible builds team has also been
investigating other projects, see eg

https://reproducible.debian.net/openwrt/
https://reproducible.debian.net/netbsd/
https://reproducible.debian.net/coreboot/
(and more will be coming.)


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20150826/5f3d3002/attachment.sig>


More information about the U-Boot mailing list