Whilst anyone can inspect the source code of free software for malicious flaws, software in Debian is distributed pre-compiled to end users. The motivation behind the Reproducible Builds effort is to permit verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised. This talk will explain the current status of the Debian Reproducible Builds project, what has changed in the last year, how this is relevant to you as a maintainer, and how this is relevant for the complete free software eco system and, finally, how you can contribute.
Speakers: Holger Levsen Chris Lamb