Here’s what happened in the Reproducible Builds effort between Sunday July 23 and Saturday July 29 2017:
Mattia posted an extensive status update from the Debian Reproducible Builds project to the
debian-devel-announcemailing list. There were subsequent discussions on Hacker News and Reddit.
A NASA presentation on “Real system failures” contained an interesting slide pertaining to reproducible builds.
A 2015 article on Reproducible Builds (“How Debian Is Trying to Shut Down the CIA and Make Software Trustworthy Again”) resurfaced in popularity, possibly due to the recent Wikileaks “Vault 7” exposure of malware whose effects can be ameliorated or detected by adopting Reproducible Builds.
Toolchain development and fixes
- Chris Lamb sent an experimental patch to
aptto make the output of
apt-ftparchivereproducible. Thanks to David Kalnischkies for reworking the result. (#869557)
Packages reviewed and fixed, and bugs filed
- Adrian Bunk:
- #869578 filed against gdmap.
- #869580 filed against teg.
- #869583 filed against gnome-specimen.
- #869884 filed against chemical-mime-data.
- #870047 filed against imagemagick.
- #870068 filed against kde4libs.
- Chris Lamb:
- #869516 filed against libcdio.
- A previous pull request against wheel was merged upstream.
- Helmut Grohne:
- #869584 filed against fontconfig.
- #869588 filed against libcap2.
Reviews of unreproducible packages
4 package reviews have been added, 2 have been updated and 24 have been removed in this week, adding to our knowledge about identified issues.
Weekly QA work
During our reproducibility testing, FTBFS bugs have been detected and reported by:
- Aaron M. Ucko (1)
- Adrian Bunk (35)
- Helmut Grohne (4)
- Stefan Tatschner (1)
- Juliana Oliveira Rodrigues:
- Ximin Luo:
This week’s edition was written by Chris Lamb, Mattia Rizzolo & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.