Collaborative Working Sessions - Guix To-Do's

Long term goals:

  • All packages build reproducibly
    • Benefits security
    • Future proofing
  • K of N trust in substitutes (where K > 1)
    • Benefits security

Things related to reproducible builds

  • The data service info
  • guix challenge
  • guix build --check and guix build --rounds

TODO list: - build with disorderfs - linter for matching substitutes (to flag non reproducible packages) - QA checking reproducibility in patches/branches - User submitted build results - Prioritised list of packages/issues to fix

Actionable items

Some kind of guix buildinfo

That you can submit to the data service to describe a build you’ve done. Would be useful from the build coordinator but also submitted from users. This would help to find non-reproducible packages.

QA doing builds to test reproducibility

Improve qa.guix.gnu.org/reproducible-builds

Check and prioritise issues.

Track package reproducibility percentage over time

And backfill data.

Implement K of N trust in substitutes

See https://lists.gnu.org/archive/html/guix-devel/2020-06/msg00179.html

Follow us on Twitter @ReproBuilds, Mastodon @reproducible_builds@fosstodon.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches for this website welcome via our Git repository (instructions) or via our mailing list. • Full contact info