In this talk Holger Levsen will give an overview about reproducible builds, the past, the presence and the future. How it started with a small BoF at DebConf13 (and before), how it grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course the talk will not end there but rather outline where we are today and where we still need to be going, until we’ll all be running 100% reproducible software, verified by many.
And while Holger’s day to day work and this talk will have a Debian focus, reproducible builds in other project will be featured and not be left behind as Holger has been involved in Reproducible Builds since 2014 and has been working on reproducing Arch Linux, coreboot, Fedora, FreeBSD, NetBSD, OpenWrt and others. Other important software projects will also be covered and last not least Holger will also explain why you’ll want verifiable SBOMs and not just SBOMs.
So what is this talk about exactly again? “A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.”