On Wed, Nov 26, 2014 at 5:18 PM, lynX wrote: > And no, I don't have the patience to wait for reproducible > compilation to someday be ready.
We are already building 63.2% of the archive reproducibly with a few patches to core tools and addition of our strip-nondeterminism tool. Once jessie is out we will be able to merge things and start further development and advocacy amongst Debian maintainers. Just today I prepared a mostly-complete patch for the package tracker website to expose information from our jenkins instance that is doing test rebuilds and comparing the resulting binary packages. https://jenkins.debian.net/userContent/reproducible.html > How can we allow EU inspectors to ensure that those > binaries are produced from the correct source codes? If you have access to funding I expect that the Debian/etc people who are working on reproducible builds would absolutely love to spend more time on achieving this. We would also welcome help from anyone interested. > Maybe there is indeed a way to produce a debian distribution > completely from source, completely automatically, and I just > haven't been shown yet. It should be relatively easy to rebuild every package, that would just be a loop around apt-get build-dep foo ; apt-get source -b foo. We are also working on automated bootstrap: https://wiki.debian.org/DebianBootstrap Of course even when we finish that effort you will still need an existing executable copy of some basic tools (compiler etc) to bootstrap Debian. Even then there are many many things to be done to improve Debian's overall security, some ideas if you want to help out: https://wiki.debian.org/Hardening/Goals -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/CAKTje6EKrR=vvAZmHKxUc+AEpeB4ex=+o5eirfhzeyblhnq...@mail.gmail.com
