Conversation

I think there are at least three ways that folks interpret “reproducible builds”: 1. Deterministic build process – when I re-run a build the same steps happen regardless of environment (i.e. developer workstation vs CI/CD system). This is important for developer sanity.
1
4
2. Artefacts that can be recreated – I can reproduce an equivalent artefact at an arbitrary future point. This is useful i.e. for figuring out customer reported issues on prior versions.
1
3
3. Binary reproducible – when I re-run a build with the same inputs I get bit-for-bit identical outputs. Useful for delivery optimisation and verifying builds.
1
3
These are all good things. 1 is going to pay dividends quite quickly when engineers have fewer “it works on my machine” head scratching moments. 3 is the gold standard, but is a long hard journey.
2
1
which are providing both developer experience benefits (better caching of intermediate artefacts) for their users and multiple benefits for their users’ users (verifiable builds, more optimal binary diffs for updates, etc).
1
Show replies