Re: Is there a VERY minimalist "Pure Blend"
On Wed, Nov 26, 2014 at 5:18 PM, lynX wrote:
> And no, I don't have the patience to wait for reproducible
> compilation to someday be ready.
We are already building 63.2% of the archive reproducibly with a few
patches to core tools and addition of our strip-nondeterminism tool.
Once jessie is out we will be able to merge things and start further
development and advocacy amongst Debian maintainers. Just today I
prepared a mostly-complete patch for the package tracker website to
expose information from our jenkins instance that is doing test
rebuilds and comparing the resulting binary packages.
https://jenkins.debian.net/userContent/reproducible.html
> How can we allow EU inspectors to ensure that those
> binaries are produced from the correct source codes?
If you have access to funding I expect that the Debian/etc people who
are working on reproducible builds would absolutely love to spend more
time on achieving this. We would also welcome help from anyone
interested.
> Maybe there is indeed a way to produce a debian distribution
> completely from source, completely automatically, and I just
> haven't been shown yet.
It should be relatively easy to rebuild every package, that would just
be a loop around apt-get build-dep foo ; apt-get source -b foo.
We are also working on automated bootstrap:
https://wiki.debian.org/DebianBootstrap
Of course even when we finish that effort you will still need an
existing executable copy of some basic tools (compiler etc) to
bootstrap Debian.
Even then there are many many things to be done to improve Debian's
overall security, some ideas if you want to help out:
https://wiki.debian.org/Hardening/Goals
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: