Reproducible Builds Summit, Dec 1-3, Athens Greece (you're invited)
53 views
Skip to first unread message
Meredith Whittaker
Oct 9, 2015, 11:06:11 AM10/9/15
to binary-tr...@googlegroups.com
Hi all,
--
As I mentioned on the call, Holger Levsen and Lunar from Debian are leading a summit on reproducible builds, Dec 1-3, in Athens Greece. Obviously pertinent to binary transparency.
More info will be forthcoming soon, and a Holger's full rundown is pasted below.
For now, know that travel support is available for those who'd be into that, and we'll have logistics info out soon. Please let me know shortly if you're able to make it and I'll make sure your name is passed to Holger and the other organizers.
Cheers,
Meredith
Holger's rundown:
We have been working for the past two years on “reproducible builds” in
Debian [1]. The idea is to empower users to get a verifiable path from a
binary package to its source. By enabling anyone to reproduce a
byte-for-byte identical build, we enable the community to be sure that
no hard to detect flaws have been introduced in the build process.
During these two years, we have developed a better understanding of the
problems and are making good progress to make this happen in Debian. But
we believe the issue at hand concerns everyone involved in free
software, and we would like to see more projects working on becoming
“reproducible”.
To make this happen and to foster cooperation, we are organizing a 3
days meeting in Athens, Greece, on December 1st-3rd 2015. The idea is to
get a better understandings of the issues, share perspectives from
different free software projects, account for past and present
experiments, and identify areas for cooperation.
“Reproducible builds” are not just about the build process. While the
necessary steps beyond the builds themselves (like recording and
reproducing the build environment, distributing signed checksums of
rebuilds, or writing easy tools for users) are likely to be different
for different projects, we believe we could all benefit from sharing
design ideas and maybe even code.
We have the chance to have bits of fundings from organizations that
would like the Internet to be a safer place for everybody, so we should
be able to pay travel and accommodation for most of the attendees. We are
aiming for 30 attendees, therefore it would probably work best with only
one or two members of each project. There will be more people from the
Debian reproducible builds team, as it will make it easier to share our
knowledge.
For anyone who would like to attend, we would need to know how much, *if
any*, travel and accommodation sponsorship is needed.
If you want to get an overview of where we are at, different aspects of
the problem and the solutions that have been found by different projects
have been reviewed in a talk recently held at the Chaos Communication
Camp ’15. Full script [2] and recordings [3] are available.
We are also happy to answer any other questions. :)
[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://reproducible.alioth.debian.org/presentations/2015-08-13-
CCCamp15-outline.pdf
[3]: https://media.ccc.de/browse/conferences/camp2015/camp2015-6657-
how_to_make_your_software_build_reproducibly.html
Debian [1]. The idea is to empower users to get a verifiable path from a
binary package to its source. By enabling anyone to reproduce a
byte-for-byte identical build, we enable the community to be sure that
no hard to detect flaws have been introduced in the build process.
During these two years, we have developed a better understanding of the
problems and are making good progress to make this happen in Debian. But
we believe the issue at hand concerns everyone involved in free
software, and we would like to see more projects working on becoming
“reproducible”.
To make this happen and to foster cooperation, we are organizing a 3
days meeting in Athens, Greece, on December 1st-3rd 2015. The idea is to
get a better understandings of the issues, share perspectives from
different free software projects, account for past and present
experiments, and identify areas for cooperation.
“Reproducible builds” are not just about the build process. While the
necessary steps beyond the builds themselves (like recording and
reproducing the build environment, distributing signed checksums of
rebuilds, or writing easy tools for users) are likely to be different
for different projects, we believe we could all benefit from sharing
design ideas and maybe even code.
We have the chance to have bits of fundings from organizations that
would like the Internet to be a safer place for everybody, so we should
be able to pay travel and accommodation for most of the attendees. We are
aiming for 30 attendees, therefore it would probably work best with only
one or two members of each project. There will be more people from the
Debian reproducible builds team, as it will make it easier to share our
knowledge.
For anyone who would like to attend, we would need to know how much, *if
any*, travel and accommodation sponsorship is needed.
If you want to get an overview of where we are at, different aspects of
the problem and the solutions that have been found by different projects
have been reviewed in a talk recently held at the Chaos Communication
Camp ’15. Full script [2] and recordings [3] are available.
We are also happy to answer any other questions. :)
[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://reproducible.alioth.debian.org/presentations/2015-08-13-
CCCamp15-outline.pdf
[3]: https://media.ccc.de/browse/conferences/camp2015/camp2015-6657-
how_to_make_your_software_build_reproducibly.html
Meredith Whittaker
Open Source Research Lead
Google NYC
Open Source Research Lead
Google NYC
Reply all
Reply to author
Forward
0 new messages