[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Sep 2013 18:07:55 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Reproducible Builds for Fedora
On Wed, Sep 25, 2013 at 11:45:38AM +0200, Ludwig Nussel wrote:
> Dhiru Kholia wrote:
>> I have been working on having Reproducible Builds in Fedora for some
>> time.
>>
>> At this point, I think I have something demoable. Ensuring Reproducible
>> Builds is a big task and I want your feedback, ideas, code and support.
>
> In openSUSE we have reproducible binaries to a certain extend. That
> project was started some years ago with different (non-security)
> intentions. Since the build service rebuilds packages automatically
> if any depending package changes, a way was needed to avoid publishing new
> rpms if the build result result didn't actually change. So there are
> now some scripts that automatically run at the of a new build and
> determine with some heuristics whether the new rpms match the old
> rpmsĀ¹. You can see the output of that script in every build log in
> openSUSE:Factory.
There are similar efforts for Debian:
https://wiki.debian.org/ReproducibleBuilds
Cheers,
Moritz
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
