|
Message-ID: <20130925160754.GA2503@inutil.org> Date: Wed, 25 Sep 2013 18:07:55 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Reproducible Builds for Fedora On Wed, Sep 25, 2013 at 11:45:38AM +0200, Ludwig Nussel wrote: > Dhiru Kholia wrote: >> I have been working on having Reproducible Builds in Fedora for some >> time. >> >> At this point, I think I have something demoable. Ensuring Reproducible >> Builds is a big task and I want your feedback, ideas, code and support. > > In openSUSE we have reproducible binaries to a certain extend. That > project was started some years ago with different (non-security) > intentions. Since the build service rebuilds packages automatically > if any depending package changes, a way was needed to avoid publishing new > rpms if the build result result didn't actually change. So there are > now some scripts that automatically run at the of a new build and > determine with some heuristics whether the new rpms match the old > rpmsĀ¹. You can see the output of that script in every build log in > openSUSE:Factory. There are similar efforts for Debian: https://wiki.debian.org/ReproducibleBuilds Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.