
Hi Chris,
On Wednesday, 26 August 2015, Chris Packham wrote:
> Just for my own understanding is the "reproducible team" a u-boot thing or a debian thing? I'm not really active in any of the debian projects so maybe someone there should pick this up if it's a debian thing.
The "reproducible team" so far involved has indeed been the "Debian reproducible builds team", but we care about free software in general and we also think that reproducible builds shall become the norm one day.
Very short one-paragraph summary:
With free software, anyone can inspect the source code for malicious flaws. But Debian, like most distributions, provides binary packages to its users. The idea of “deterministic” or “reproducible” builds is to empower anyone to verify that no flaws have been introduced during the build process by reproducing byte-for-byte identical binary packages from a given source.
For a longer summary you might want to watch http://media.ccc.de/browse/conferences/camp2015/camp2015-6657-how_to_make_yo... or http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_2014122... - the latter explains the motivation behind our work in greater detail.
Or you can also read about this, https://wiki.debian.org/ReproducibleBuilds/About (alone, the wiki has much more information on other pages as well) has the following contents:
  Why do we want reproducible builds?
  Reproducing builds
  Recording the environment
  Reproduce the build environment
  References
  Presentations
  Publicity
  Related projects
  Further work
Last but not least, the Debian reproducible builds team has also been investigating other projects, see e.g.
https://reproducible.debian.net/openwrt/
https://reproducible.debian.net/netbsd/
https://reproducible.debian.net/coreboot/
(and more will be coming.)
cheers,
Holger