GNU Mes - the Full Source Bootstrap
Reproducibility is not enough: The missing link between stage0/M2-Planet and Mes
- Track: Declarative and Minimalistic Computing devroom
- Room: D.declarative.minimalistic
- Day: Sunday
- Start: 11:50
- End: 12:05
- Video with Q&A: D.declarativeminimalistic
- Video only: D.declarativeminimalistic
- Chat: Join the conversation!
Last year (FOSDEM'20) GNU Mes helped create a second reduction by 50% of the Guix bootstrap binaries, to about ~60MiB; 25% of its original size. This year we have removed the binary seeds for MesCC-Tool and GNU Mes and replace them with Stage0 and M2-Planet: the Full Source Bootstrap!
Freedom of computing is what the free software movement is about, and it is becoming more important every day. Although "Open Source" has become quite popular, the underlying ideas of freedom and their importance are often overlooked or avoided. When we think about it, we know that we cannot expect to have free and democratic societies when the softwares we use are non-free and controlled by powerful "others".
Freedom of computing does not end with free software, that is where it starts. Whilst anyone may inspect the source code for malicious flaws, most software is distributed pre-compiled with no method to confirm whether they correspond. The Reproducible Builds project aims to fix this by asserting that users should be given a way to recreate a close enough build environment, perform the build process, and validate that the output matches the original build. GNU Guix is a distribution that is being developed with such verification in mind and has it built-in.
However, Reproducible Builds are also, not enough. We are thrilled that NlNet has acknowledged this by funding our work through the NGI0 PET fund. To get freedom of computing, we need bootstrappable builds, starting from a minimal binary seed; preferrably a full source bootstrap.
Speakers
Jan Nieuwenhuizen (janneke) |