
Academic publications

Citing reproducible-builds.org

The CITATION.cff file is available at the root of the repository. It can be used to generate citations in various formats using cffconvert.

If you are preparing a paper or article and wish to reference the reproducible-builds.org project, the following BibTeX entry is recommended:

@misc{ReproducibleBuildsOrg,
  author = {{Reproducible Builds}},
  title = {Reproducible Builds Website},
  url = {https://reproducible-builds.org/}
}

Academic publications

The repository also includes a bibliography.bib file containing BibTeX entries for all the academic publications listed here. It is continuously updated to reflect the most recent scholarly works related to reproducible builds, so researchers and practitioners can use it to cite relevant literature in their own work.

Reflections on trusting trust
Commun. ACM, 27 (8), 761–763
Thompson, K. (1984)
https://doi.org/10.1145/358198.358210

Fully countering trusting trust through diverse double-compiling
Wheeler, D. A. (2010)
https://arxiv.org/abs/1004.5534

Functional package management with guix
Courtès, L. (2013)
https://arxiv.org/abs/1305.4584

Reproducible and User-Controlled Software Environments in HPC with Guix
2nd International Workshop on Reproducibility in Parallel Computing (RepPar)
Courtès, L., & Wurmus, R. (2015, August)
https://inria.hal.science/hal-01161771

Automated localization for unreproducible builds
Proceedings of the 40th International Conference on Software Engineering
Ren, Z., Jiang, H., Xuan, J., & Yang, Z. (2018, May)
https://doi.org/10.1145/3180155.3180224

Transparent, provenance-assured, and secure software-as-a-service
2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), 1–8
Tapas, N., Longo, F., Merlino, G., & Puliafito, A. (2019)
https://doi.org/10.1109/NCA.2019.8935014

In-toto: Providing farm-to-table guarantees for bits and bytes
Proceedings of the 28th USENIX Conference on Security Symposium, 1393–1410
Torres-Arias, S., Afzali, H., Kuppusamy, T. K., Curtmola, R., & Cappos, J. (2019)
https://www.usenix.org/conference/usenixsecurity19/presentation/torres-arias

Backstabber’s knife collection: A review of open source software supply chain attacks
In Lecture notes in computer science (pp. 23–43). Springer International Publishing
Ohm, M., Plate, H., Sykosch, A., & Meier, M. (2020)
https://doi.org/10.1007/978-3-030-52683-2_2

Reproducible containers
Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, 167–182
Navarro Leija, O. S., Shiptoski, K., Scott, R. G., Wang, B., Renner, N., Newton, R. R., & Devietti, J. (2020)
https://doi.org/10.1145/3373376.3378519

Towards detection of software supply chain attacks by forensic artifacts
Proceedings of the 15th International Conference on Availability, Reliability and Security
Ohm, M., Sykosch, A., & Meier, M. (2020)
https://doi.org/10.1145/3407023.3409183

Toward long-term and archivable reproducibility
Computing in Science & Engineering, 23(3), 82–91
Akhlaghi, M., Infante-Sainz, R., Roukema, B. F., Khellat, M., Valls-Gabaud, D., & Baena-Galle, R. (2021)
https://doi.org/10.1109/mcse.2021.3072860

Reproducible builds: Increasing the integrity of software supply chains
IEEE Software, 39(2), 62–70
Lamb, C., & Zacchiroli, S. (2022)
https://doi.org/10.1109/MS.2021.3073045

An experience report on producing verifiable builds for large-scale commercial systems
IEEE Transactions on Software Engineering, 48(9), 3361–3377
Shi, Y., Wen, M., Cogo, F. R., Chen, B., & Jiang, Z. M. (2022)
https://doi.org/10.1109/TSE.2021.3092692

Automated patching for unreproducible builds
Proceedings of the 44th International Conference on Software Engineering, 200–211
Ren, Z., Sun, S., Xuan, J., Li, X., Zhou, Z., & Jiang, H. (2022)
https://doi.org/10.1145/3510003.3510102

Top five challenges in software supply chain security: Observations from 30 industry and organizations
IEEE Security & Privacy, 20(2), 96–100
Enck, W., & Williams, L. (2022)
https://doi.org/10.1109/MSEC.2022.3142338

Reproducibility of computational environments for software development
Bachelor’s thesis, RWTH Aachen University
Strangfeld, M. (2022)
https://doi.org/10.5281/zenodo.13843189

On business adoption and use of reproducible builds for open and closed source software
Software Quality Journal, 31(3), 687–719
Butler, S., Gamalielsson, J., Lundell, B., Brax, C., Mattsson, A., Gustavsson, T., Feist, J., Kvarnström, B., & Lönroth, E. (2022)
https://doi.org/10.1007/s11219-022-09607-z

It’s like flossing your teeth: On the importance and challenges of reproducible builds for software supply chain security
2023 IEEE Symposium on Security and Privacy (SP), 1527–1544
Fourne, M., Wermke, D., Enck, W., Fahl, S., & Acar, Y. (2023)
https://doi.org/10.1109/SP46215.2023.10179320

Signing in four public software package registries: Quantity, quality, and influencing factors
Schorlemmer, T. R., Kalu, K. G., Chigges, L., Ko, K. M., Isghair, E. A.-M. A., Baghi, S., Torres-Arias, S., & Davis, J. C. (2024)
https://arxiv.org/abs/2401.14635

Reproducibility of build environments through space and time
Malka, J., Zacchiroli, S., & Zimmermann, T. (2024)
https://arxiv.org/abs/2402.00424

Options Matter: Documenting and Fixing Non-Reproducible Builds in Highly-Configurable Systems
MSR 2024 - 21th International Conference on Mining Software Repository, 1–11
Randrianaina, G. A., Khelladi, D. E., Zendra, O., & Acher, M. (2024)
https://inria.hal.science/hal-04441579

Reproducibility in software engineering
University of Mons
Dellaiera, P. (2024)
https://doi.org/10.5281/zenodo.12666898

An overview and catalogue of dependency challenges in open source software package registries
University of Mons
Mens, T., & Decan, A. (2024)
https://doi.org/10.48550/arXiv.2409.18884
