Collaborative Working Sessions - Arch huddle
Making Arch Linux Debug Packages Reproducible
This should be handled in three different steps. There are questions remaining to be answered before proceeding with the integration.
debuginfod
- Is
debuginfodsecure?- i.e. Is there authentication between
gdbanddebuginfod?
- i.e. Is there authentication between
⚠️ It is theoretically possible to perform code execution through debug symbols.
Mirrors
- Right now the debug packages live in a single server. We should start distributing them through mirrors and potentially have them in our archives as well.
- There is a question about storage since debug packages might take a good amount of disk space.
- “We shouldn’t let the limitations of mirrors affect our design choices”.
Integration
Here are the tools that needs integration:
- rebuilderd
- devtools
- repro
- We need to check hashes etc.
Follow us on Twitter @ReproBuilds, Mastodon @reproducible_builds@fosstodon.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches for this website welcome via our Git repository (instructions) or via our mailing list. • Full contact info
