Notices by Reproducible Builds (reproducible_builds@fosstodon.org)

Reproducible Builds in January 2025

Featuring:
* reproduce.debian.net
* Two new academic papers
* Distribution work
* On our mailing list…
* Upstream patches
* diffoscope
* Website updates
* Reproducibility testing framework

https://reproducible-builds.org/reports/2025-01/

There was a bunch of activity around Reproducible Builds at #FOSDEM! A 🧵...

On the main stage, core #ReproducibleBuilds dev Holger 'h01ger' Levsen presented "Titled Reproducible Builds: The First Ten Years" giving an overview: how it started with a small BoF at DebConf13 (and before), then grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an Executive Order of the President of the United States.

https://fosdem.org/2024/schedule/event/fosdem-2024-3353-reproducible-builds-the-first-ten-years/

"RISC-V Bootstrapping in Guix and Live-Bootstrap" was presented by @ekaitz_zarraga in the "Declarative and Minimalistic Computing" devroom, mentioning GNU Mes, TinyCC, GCC, live-bootstrap, GNU #Guix and other related projects.

https://fosdem.org/2024/schedule/event/fosdem-2024-1755-risc-v-bootstrapping-in-guix-and-live-bootstrap/

@malte and @katexochen presented "Reproducible builds for confidential computing: Why remote attestation is worthless without it" in the Confidential Computing devroom, covering the status quo of how reference values are used in CC. Based on a minimal open source example, they explained how they build fully reproducible OS images with mkosi and #NixOS - all the way from source code in Git to the reference values for remote attestation.

https://fosdem.org/2024/schedule/event/fosdem-2024-1769-reproducible-builds-for-confidential-computing-why-remote-attestation-is-worthless-without-it/