Reproducible Builds - We Made Lots of Progress in Many Places, But We're Still Far From Our Goals of Changing the (Software) World

Reproducible builds enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries. This talk will rep …

Reproducible builds enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries. This talk will report on the state of reproducible builds in various distributions (Debian, Archlinux, coreboot, F-Droid, Fedora, FreeBSD, Guix, NetBSD, OpenWrt, SuSE, and Qubes OS - to name a few) and thus should be interesting and insightful for anyone working on any free software project. Holger will explain how he started working on this in the Debian context and how his focus shifted slightly over the time. So he will start with explaining the status of Reproducible Debian, but this is quickly followed by an overview of common problems and solutions, followed by a quick explaination of the shared test infrastructure for reproducible tests of any project. You will learn how the community was broadened, what future plans we have to address what might be needed beyond being able to reproducible build something, so this becomes truly meaningful for users in practice. In this talk you will also learn about the challanges we’re facing to deliver on the promise. Being able to reproducibly build in theory is not enough, one needs to be able to do so in practice. And enabling this on a distro scale is much harder than we thought…