[New: openFATE 318872] Allow building reproducible packages in OBS
Feature added by: Alex Jordan (strugee) Feature #318872, revision 1 Title: Allow building reproducible packages in OBS Buildservice: Unconfirmed Priority Requester: Neutral Requested by: Alex Jordan (strugee) Partner organization: openSUSE.org Description: "Reproducible builds" refers to the idea that packages should have the ability to be built locally and come out bit-for-bit identical to the widely distributed copy. It would be nice if OBS produced reproducible packages in the event that it can easily do so (and when asked to, probably). For more details, see the Tor Project's blog posts on [why this is important][1] and [how they implemented it in the Tor Browser Bundle][2]. [1]: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-... [2]: https://blog.torproject.org/blog/deterministic-builds-part-two-technical-det... Business case (Partner benefit): openSUSE.org: Reproducible builds give packages useful security properties. In particular, in the event that OBS is compromised (probably by a malicious actor, but also possibly by within SUSE, someone associated with upstream, etc.), that fact can be independently caught. -- openSUSE Feature: https://features.opensuse.org/318872
Feature changed by: Alex Jordan (strugee) Feature #318872, revision 2 Title: Allow building reproducible packages in OBS Buildservice: Unconfirmed Priority Requester: Neutral Requested by: Alex Jordan (strugee) Partner organization: openSUSE.org Description: "Reproducible builds" refers to the idea that packages should have the ability to be built locally and come out bit-for-bit identical to the widely distributed copy. It would be nice if OBS produced reproducible packages in the event that it can easily do so (and when asked to, - probably). For more details, see the Tor Project's blog posts on [why - this is important][1] and [how they implemented it in the Tor Browser - Bundle][2]. + probably). + For more details, see the Tor Project's blog posts on [why this is + important][1] and [how they implemented it in the Tor Browser Bundle] + [2]. It may also be useful to look at [how the Debian people did this] + [3]. [1]: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-... [2]: https://blog.torproject.org/blog/deterministic-builds-part-two-technical-det... + [3]: https://wiki.debian.org/ReproducibleBuilds Business case (Partner benefit): openSUSE.org: Reproducible builds give packages useful security properties. In particular, in the event that OBS is compromised (probably by a malicious actor, but also possibly by within SUSE, someone associated with upstream, etc.), that fact can be independently caught. -- openSUSE Feature: https://features.opensuse.org/318872
Feature changed by: Stakanov Schufter (stakanov) Feature #318872, revision 3 Title: Allow building reproducible packages in OBS Buildservice: Unconfirmed Priority Requester: Neutral Requested by: Alex Jordan (strugee) Partner organization: openSUSE.org Description: "Reproducible builds" refers to the idea that packages should have the ability to be built locally and come out bit-for-bit identical to the widely distributed copy. It would be nice if OBS produced reproducible packages in the event that it can easily do so (and when asked to, probably). For more details, see the Tor Project's blog posts on [why this is important][1] and [how they implemented it in the Tor Browser Bundle] [2]. It may also be useful to look at [how the Debian people did this] [3]. [1]: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-... [2]: https://blog.torproject.org/blog/deterministic-builds-part-two-technical-det... [3]: https://wiki.debian.org/ReproducibleBuilds Business case (Partner benefit): openSUSE.org: Reproducible builds give packages useful security properties. In particular, in the event that OBS is compromised (probably by a malicious actor, but also possibly by within SUSE, someone associated with upstream, etc.), that fact can be independently caught. + Discussion: + #1: Stakanov Schufter (stakanov) (2015-04-10 12:58:49) + What an excellent idea. I would define this not only sensible but even + mandatory. -- openSUSE Feature: https://features.opensuse.org/318872
participants (1)
-
fate_noreply@suse.de