As I mentioned on the call, Holger Levsen and Lunar from Debian are leading
a summit on reproducible builds, Dec 1-3, in Athens Greece. Obviously pertinent to binary transparency.
More info will be forthcoming soon, and a Holger's full rundown is pasted below.
For now, know that travel support is available for those who'd be into that, and we'll have logistics info out soon. Please let me know shortly if you're able to make it and I'll make sure your name is passed to Holger and the other organizers.
Cheers,
Meredith
Holger's rundown:
We have been working for the past two years on “reproducible builds” inDebian [1]. The idea is to empower users to get a verifiable path from abinary package to its source. By enabling anyone to reproduce abyte-for-byte identical build, we enable the community to be sure thatno hard to detect flaws have been introduced in the build process.During these two years, we have developed a better understanding of theproblems and are making good progress to make this happen in Debian. Butwe believe the issue at hand concerns everyone involved in freesoftware, and we would like to see more projects working on becoming“reproducible”.To make this happen and to foster cooperation, we are organizing a 3days meeting in Athens, Greece, on December 1st-3rd 2015. The idea is toget a better understandings of the issues, share perspectives fromdifferent free software projects, account for past and presentexperiments, and identify areas for cooperation.“Reproducible builds” are not just about the build process. While thenecessary steps beyond the builds themselves (like recording andreproducing the build environment, distributing signed checksums ofrebuilds, or writing easy tools for users) are likely to be differentfor different projects, we believe we could all benefit from sharingdesign ideas and maybe even code.We have the chance to have bits of fundings from organizations thatwould like the Internet to be a safer place for everybody, so we shouldbe able to pay travel and accommodation for most of the attendees. We areaiming for 30 attendees, therefore it would probably work best with onlyone or two members of each project. There will be more people from theDebian reproducible builds team, as it will make it easier to share ourknowledge.For anyone who would like to attend, we would need to know how much, *ifany*, travel and accommodation sponsorship is needed.If you want to get an overview of where we are at, different aspects ofthe problem and the solutions that have been found by different projectshave been reviewed in a talk recently held at the Chaos CommunicationCamp ’15. Full script [2] and recordings [3] are available.We are also happy to answer any other questions. :) [1]: https://wiki.debian.org/ReproducibleBuilds [2]: https://reproducible.alioth.debian.org/presentations/2015-08-13-
CCCamp15-outline.pdf [3]: https://media.ccc.de/browse/conferences/camp2015/camp2015-6657-
how_to_make_your_software_build_reproducibly.html