Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130925160754.GA2503@inutil.org>
Date: Wed, 25 Sep 2013 18:07:55 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Reproducible Builds for Fedora

On Wed, Sep 25, 2013 at 11:45:38AM +0200, Ludwig Nussel wrote:
> Dhiru Kholia wrote:
>> I have been working on having Reproducible Builds in Fedora for some
>> time.
>>
>> At this point, I think I have something demoable. Ensuring Reproducible
>> Builds is a big task and I want your feedback, ideas, code and support.
>
> In openSUSE we have reproducible binaries to a certain extend. That
> project was started some years ago with different (non-security)
> intentions. Since the build service rebuilds packages automatically
> if any depending package changes, a way was needed to avoid publishing new
> rpms if the build result result didn't actually change. So there are
> now some scripts that automatically run at the of a new build and
> determine with some heuristics whether the new rpms match the old
> rpmsĀ¹. You can see the output of that script in every build log in
> openSUSE:Factory.

There are similar efforts for Debian:
https://wiki.debian.org/ReproducibleBuilds

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.