Check out what's been going on in the world of during April 2023. reproducible-builds.org/reports/2023-0 🔷🔷🔷
Follow
Reproducible Builds
@ReproBuilds
A set of software development practices that create an independently-verifiable path from source code to the binary code used by computers.
reproducible-builds.orgJoined October 2015
Reproducible Builds’s Tweets
2
The monthly roundup from these folks is nice.
Quote Tweet
Check out what has been going on during March 2023 in the world of @ReproBuilds reproducible-builds.org/reports/2023-0
featuring @openSUSE @archlinux @debian @conservancy @lolamby @debconf @debian1
1
If you run "guix pull" today, you get a package graph of > 22,000 nodes rooted in a 357-byte program---something that has never been achieved, AFAIK, since the birth of Unix: a Full-Source Bootstrap.
#bootstrappable
11
42
62
Show this thread
1
💠 Check out what has been going on during March 2023 in the world of 💠 reproducible-builds.org/reports/2023-0
featuring
2
3
1
Another challenge was supporting reproducible builds. has made major strides in fighting the entropy of container builds, and tools like Kaniko and BuildKit support reproducibility. We’re currently working to support this in our CLI, and adding detailed guides.
1
1
2
Show this thread
ModiTect will soon support reproducible builds. Another improvement brought by exchanging ideas and knowledge during
2
4
10
1
Once more, with feeling! reproducible-builds.org/reports/2023-0
Quote Tweet
Check out what's happened in the last month in @ReproBuilds and software supply-chain security in the last month in our recent report. 
1
Check out what's happened in the last month in and software supply-chain security in the last month in our recent report. 🔷🔷
1
4
8
2
3
Bumper month in the world of — check out our latest report here: reproducible-builds.org/reports/2023-0
On the mailing list they show the potential to use data from what's supposed to be only signature data to determine the execution of the product. Turns out in the case of Android, whole JS programs can be hidden outside the signed part:
lists.reproducible-builds.org/pipermail/rb-g
1
4
8
Show this thread
1
Show this thread
2
7
17
2
3
1
maintains a curated list of projects upholding reproducible build practices, including Arch Linux, MirageOS, F-Droid, NixOS, coreboot, and Talos Linux. The effort is sponsored by the Google Open Source Security Team.
reproducible-builds.org/who/projects/
1
3
7
The latest status update from the Reproducible Builds project is now out: reproducible-builds.org/reports/2022-1 feat. and many many more. :) 🔷🔷
2
11
2
• A very special #BuildKit release has just been released✨
• With that release, #SBOM and #provenance generation will be supported by #BuildKit natively!🥳
• Also, lots of other significant improvements related to Image Layout, Annotations, and 🤹♀️
13
40
Check out what's been happening in the world of during October 2022 in our latest report: reproducible-builds.org/reports/2022-1
5
10
1
1
📣📣📣 Hot off the presses, it's the report for September 2022! 📣📣📣
reproducible-builds.org/reports/2022-0 feat. and even the NSA 👻
3
7
2
3
1
3
Here's what been happening in the effort during the past month! reproducible-builds.org/reports/2022-0🔹featuring #diffoscope & more
5
7
The article mentions "adding signed build information".
Instead of taking the attestation route, how about enabling verifiability through ?
More on how this vision plays out in #Guix in this paper:
doi.org/10.22152/progr 👈
1
3
What's been happening in software supply-chain security and this month? Well, we might have the report for you...
reproducible-builds.org/reports/2022-0
feat. #diffoscope & much more
2
2
"Is reproducibility practical?"
👉 hpc.guix.info/blog/2022/07/i
New blog post questioning interpretations of #reproducibility, how they relate to & #ReproducibleResearch, and how that affects #OpenScience practices.
8
11