Beyond reproducible builds
Making the whole free software ecosystem reproducible and then…
Reproducible builds enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries.
This talk will report on the state of reproducible builds in various distributions (Debian, Archlinux, coreboot, F-Droid, Fedora, FreeBSD, Guix, NetBSD, OpenWrt, SuSE, and Qubes OS - to name a few) and thus should be interesting and insightful for anyone working on any free software project.
Holger will explain how he started working on this in the Debian context and how his focus shifted slightly over the last 12 months. So he will start with explaining the status of Reproducible Debian, but this is quickly followed by an overview of common problems and solutions, followed by a quick explaination of the shared test infrastructure for reproducible tests of any project. You will learn how the community was broadened, what future plans we have to address what might be needed beyond being able to reproducible build something, so this becomes truly meaningful for users in practice.
So yes, it's a complex topic and a big task, but by now it seems we managed to get our messages accross pretty well, as for example nowadays some people already expect the immiment release of a reproducible binary distribution. Sadly it is not the only question whether this will happen in 2016 or 2017 even though it could happen, there is "just" is still a of work ahead almost everywhere, in those nitty gritty details.