Reproducible Builds Summit 2016 in Athens
I'm on the airplane back from Athens after the "Reproducible Summit", an Aspiration meeting focused on the issues of getting all software builds to be reproducible. It sounds like this horrible, arcane detail, which it is really, but it provides tons of real benefits:
- makes it easy to ensure no malware was inserted into software during the build process (e.g. the XCodeGhost malware we just saw)
- provides a QA tool to make sure that changes in the source code of a project produce only the expected results
- allows F-Droid to use the developer's APK signature while still verifying that apps build from 100% free software
- makes it possible to optimize and profile build processes while guaranteeing the results are exactly the same
- for large projects, it can greatly speed up the build process (think rebuilding Gmail)
Represented there were: Debian, Google, FreeBSD, Fedora, F-Droid, Homebrew, MacPorts, NetBSD, Arch Linux, Coreboot, and a bunch of other less well known projects like an automotive Linux distro, Haskell hackers, etc.
It was funded by the Linux Foundation, Google, and OTF. They are already planning a second meeting in April, and are looking to get more projects involved. I'd love to get an Android distro involved. Anyone have any contacts of people working on Android ROMs that would be good candidates? I'm going to ask around in CyanogenMod, Blackphone, Copperhead, Replicant, and OmniROM.