Feature changed by: Alex Jordan (strugee) Feature #318872, revision 2 Title: Allow building reproducible packages in OBS Buildservice: Unconfirmed Priority Requester: Neutral Requested by: Alex Jordan (strugee) Partner organization: openSUSE.org Description: "Reproducible builds" refers to the idea that packages should have the ability to be built locally and come out bit-for-bit identical to the widely distributed copy. It would be nice if OBS produced reproducible packages in the event that it can easily do so (and when asked to, - probably). For more details, see the Tor Project's blog posts on [why - this is important][1] and [how they implemented it in the Tor Browser - Bundle][2]. + probably). + For more details, see the Tor Project's blog posts on [why this is + important][1] and [how they implemented it in the Tor Browser Bundle] + [2]. It may also be useful to look at [how the Debian people did this] + [3]. [1]: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-... [2]: https://blog.torproject.org/blog/deterministic-builds-part-two-technical-det... + [3]: https://wiki.debian.org/ReproducibleBuilds Business case (Partner benefit): openSUSE.org: Reproducible builds give packages useful security properties. In particular, in the event that OBS is compromised (probably by a malicious actor, but also possibly by within SUSE, someone associated with upstream, etc.), that fact can be independently caught. -- openSUSE Feature: https://features.opensuse.org/318872