Hi David,

On Wed, Apr 23, 2025 at 01:30:21PM -0400, David A. Wheeler via rb-general wrote:
> This "OpenSSF" definition was copied from the two different definitions
> posted on the reproducible-builds.org <http://reproducibel-builds.org/>
> website. The proposed OpenSSF definition attempts to combine these two
> DIFFERENT definitions from the reproducible-builds site, because the
> reproducible-builds site itself isn't consistent. These aren't "David's
> definitions", these are the reproducible-builds.org
> <http://reproducible-builds.org/> definitions.

thank you for clearing this up!

> The first definition is way clearer on what it *means* to be a reproducible
> build, and the second definition is way clearer on *why* you would want such
> a thing. The proposed OpenSSF definition attempts to combine these two
> different definitions, both formally posted on reproducible-builds.org
> <http://reproducible-builds.org/>, into a single definition. That's all.

also.

> I see several people complaining about this proposed OpenSSF definition, but
> those complaints also apply to the reproducible-builds.org
> <http://reproducible-builds.org/> website definitions. I suggest that there
> be a discussion about whether or not the reproducible-builds website
> definitions should be changed. If they are changed, then OpenSSF
> definitions should be reviewed to see if they should match. I don't see why
> the OpenSSF definitions should be seriously different from
> reproducible-builds.org <http://reproducible-builds.org/>, which is what
> proposers seem to be suggesting.

agreed.

Historically, https://reproducible-builds.org/docs/definition/ was there first,
like almost 10 years ago, while the definition on the frontpage was rather
recently added to have a version which more applies to the general public, I
believe. ( And then we realized that this is still uncomprehensive to "normal
people" and we came up with the "improving supply chain security" slogan, which
very much hides how we do things and rather focus on the outcome. :) )

I do agree that having two definitions on our website is bad or sub-optimal and
would welcome patches (and/or discussions in an MR as opposed to this list,
though obviously it's great to use this list to prepare such an MR) to address
that.

I also do think that https://reproducible-builds.org/docs/definition/ should
have our definition because that's a stable URL since almost 10 years.

Thanks!

-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The entire society has no clue what the word freedom means in the context of
relating to the world around them. It has degenerated into "my ego first". It
is why the entire planet is dying right now.
