[Django] #37159: Implement reproducible builds

[Django]

#37159: Implement reproducible builds
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Type:
| Cleanup/optimization
Status: new | Component: Packaging
Version: dev | Severity: Normal
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
When building Django artifacts, if the build is [https://reproducible-
builds.org/ reproducible], then consumers can verify that an artifact was
built from the revision it claims to be built from, and releasers can also
confirm with each other (or with CI) before publishing.

Florian [https://forum.djangoproject.com/t/adopt-pep-740-digital-
attestations-for-django-releases/42460/18 mentioned] on the forum we are
likely to want this:

> Independent of whether any attestation might be a good idea or not, the
first steps imo are reproducible builds. We might even have them without
knowing it (or via slight adjustments only) since all in all we are just
packing up some files from a known revision in a tar/zip and we mostly
just need to fix timestamps (we don’t have to worry about compiled code
etc). This way it is possible to verify the built release by multiple
people before publishing. This makes a compromise of an individual machine
even less likely/useful. The next step would be to build the release in CI
as well providing another verifier for the reproducible build.
--
Ticket URL: <https://code.djangoproject.com/ticket/37159>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#37159: Implement reproducible builds
-------------------------------------+-------------------------------------

Reporter: Jacob Walls | Owner: (none)
Type: | Status: new
Cleanup/optimization |
Component: Packaging | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jacob Walls):

* cc: Charles Roelli (added)

Comment:

Charles, you mentioned to me at DjangoCon that you did some investigation
into this already. Do you have any findings you can summarize?
--
Ticket URL: <https://code.djangoproject.com/ticket/37159#comment:1>

[Django]

#37159: Implement reproducible builds
-------------------------------------+-------------------------------------

Reporter: Jacob Walls | Owner: Jacob
Type: | Walls
Cleanup/optimization | Status: assigned

Component: Packaging | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):

* owner: (none) => Jacob Walls
* status: new => assigned

--
Ticket URL: <https://code.djangoproject.com/ticket/37159#comment:2>

[Django]

#37159: Implement reproducible builds
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Jacob
Type: | Walls
Cleanup/optimization | Status: assigned
Component: Packaging | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Natalia Bidart):

* stage: Unreviewed => Accepted

Comment:

Yes please :-)
--
Ticket URL: <https://code.djangoproject.com/ticket/37159#comment:3>