Farewell from the Reproducible Builds summit, which just took place in Hamburg, Germany:
This year, we were thrilled to host the seventh edition of this exciting event. Topics covered this year included:
- Project updates from openSUSE, Fedora, Debian, ElectroBSD, Reproducible Central and NixOS
- Mapping the “big picture”
- Towards a snapshot service
- Understanding user-facing needs and personas
- Language-specific package managers
- Defining our definitions
- Creating a “Ten Commandments” of reproducibility
- Embedded systems
- Next steps in GNU Guix’ reproducibility
- Signature storage and sharing
- Public verification services
- Verification use cases
- Web site audiences
- Enabling new projects to be “born reproducible”
- Collecting reproducibility success stories
- Reproducibility’s relationship to SBOMs
- SBOMs for RPM-based distributions
- Filtering diffoscope output
- Reproducibility of filesystem images, filesystems and containers
- Using verification data
- A deep-dive on Fedora and Arch Linux package reproducibility
- Debian rebuild archive service discussion
… as well as countless informal discussions and hacking sessions into the night. Projects represented at the venue included:
Debian, openSUSE, QubesOS, GNU Guix, Arch Linux, phosh, Mobian, PureOS, JustBuild, LibreOffice, Warpforge, OpenWrt, F-Droid, NixOS, ElectroBSD, Apache Security, Buildroot, Systemd, Apache Maven, Fedora, Privoxy, CHAINS (KTH Royal Institute of Technology), coreboot, GitHub, Tor Project, Ubuntu, rebuilderd, repro-env, spytrap-adb, arch-repro-status, etc.
A huge thanks to our sponsors and partners for making the event possible:
Event facilitation
Platinum sponsor
If you weren’t able to make it this year, don’t worry; just look out for an announcement in 2024 for the next event.
