View all news

Reproducible Builds joins the Software Freedom Conservancy

Nov 8, 2018

… and receives US$300,000 donation from the Handshake Foundation.

We are excited to announce that our project is joining the Software Freedom Conservancy as a member project!

Conservancy is a 501(c)(3) not-for-profit organization based in New York that helps promote, develop and defend Free, Libre, and Open Source Software (FLOSS) projects.

Conservancy provides important services for its member projects. Member projects like us now can take directed donations which allows donors to earmark their donations for the benefit of a specific FLOSS project. Conservancy provides fiscal oversight to ensure that these funds are spent in a manner that advances the project and fits with Conservancy’s 501(c)(3) mission to promote, advance, and defend software freedom. Last, but not least, it can also provide projects with basic legal services.

The Reproducible Builds project, which began as a project within the Debian community, joins other adjacent work by Conservancy around this distribution such as the Debian Copyright Aggregation Project. Reproducible Builds is also critical to Conservancy’s own compliance work: a build that cannot be verified may contain code that triggers different license compliance responsibilities than those which the recipient is expecting. Unaccounted-for code makes it hard for anyone who distributes software to guarantee that they are doing so responsibly and with care for those who further receive the software.

The Reproducible Builds project is already working with many crucial and well-known free software projects such as Coreboot (also a Conservancy project!), openSUSE, OpenWrt, Tails, GNU Guix, bootstrappable.org, FreeBSD, Arch Linux and Tor. In the past, the Core Infrastructure Initiative generously funded work on the project but this has since ceased. The work has continued in the meantime thanks to the contributions of volunteers.


As Reproducible Builds joins Conservancy, it is also receiving a donation of US$300,000 from the Handshake Foundation which will propel the project’s efforts to ensure the future health and usability of free software.


Karen Sandler, Executive Director of the Software Freedom Conservancy, says “The work being done at Reproducible Builds is critical for both the trust and long-term sustainability of free software projects. We’re proud to be able to support the project behind this set of practices which we hope will eventually be adopted by the wider free software community.”

Holger Levsen, who will chair the project’s Steering Committee, along with Bdale Garbee, Allen Gunn, Mattia Rizzolo, Keith Packard and Stefano Zacchiroli says, “I’m very happy that Reproducible Builds has become a Conservancy project and am much looking forward to see the results of this cooperation and the long term effects on the free software ecosystem. Reproducible Builds is on a long-term mission to change the way Free Software is distributed and used and I’m glad we have a strong partner who shares our vision and has ties into the wider community.”

Chris Lamb, the current Debian Project Leader and long-time contributor to the Reproducible Builds effort, references freedom #2 of the Free Software Foundation’s Four Freedoms when talking about the importance of trust when sharing software: “Are you really helping your neighbour if you distribute trojanned or otherwise compromised software?”

Conservancy, a public charity focused on ethical technology, is home to over fifty member projects dedicated to developing and promoting free and open source software. Conservancy acts as a corporate umbrella, allowing member projects to operate as non-profit initiatives without having to manage their own corporate structure and administrative services.

Follow us on Twitter @ReproBuilds, Mastodon @reproducible_builds@fosstodon.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches for this website welcome via our Git repository (instructions) or via our mailing list. • Full contact info