Add reproducible builds status report submitted by emaste@freebsd.org.

Reviewed by: wblock Sponsored by: iXsystems
svn path=/head/; revision=49085
2016-07-09 22:09:55 +00:00 · 2016-07-09 22:09:55 +00:00 · 08416d209a · 2020-12-08 03:00:23 +00:00
commit 08416d209a
parent beb2202935
1 changed files with 73 additions and 0 deletions
--- a/en_US.ISO8859-1/htdocs/news/status/report-2016-04-2016-06.xml
+++ b/en_US.ISO8859-1/htdocs/news/status/report-2016-04-2016-06.xml
@ -1668,4 +1668,77 @@
      <task>Extensive testing.</task>
    </help>
  </project>
+
+  <project cat='bin'>
+    <title>Reproducible Builds in &os;</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Ed</given>
+	  <common>Maste</common>
+	</name>
+	<email>emaste@FreeBSD.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://wiki.freebsd.org/ReproducibleBuilds">Base System Reproducible Builds wiki page</url>
+      <url href="https://wiki.freebsd.org/PortsReproducibleBuilds">Ports Reproducible Builds wiki page</url>
+      <url href="http://www.bsdcan.org/2016/schedule/events/714.en.html">BSDCan 2016 Reproducible Builds in FreeBSD talk</url>
+      <url href="https://reproducible-builds.org/">Reproducible Builds website</url>
+      <url href="https://diffoscope.org/">Diffoscope home page</url>
+      <url href="https://people.freebsd.org/~emaste/reproducible-builds/iteration-1/diffoscope/">Diffoscope results from the BSDCan Reproducible Builds talk</url>
+    </links>
+
+    <body>
+      <p>Reproducible builds are a set of software development
+	practices which create a verifiable path from human readable
+	source code to the binary code used by computers.  In brief,
+	the idea is that building the same binary, software package,
+	document, or other binary artifact twice from the same source
+	produces identical output.  The <a
+	  href="https://reproducible-builds.org/">reproducible-builds.org website</a>
+	provides background information and documentation on making
+	builds reproducible.</p>
+
+      <p>Many folks have contributed to the reproducible build effort
+	in &os; src and ports over the last decade.  There are many
+	practical benefits of reproducible builds, such as bandwidth
+	and storage savings.  However, there is a growing interest in
+	the broad open source and free software communities,
+	primarily from a software and toolchain integrity perspective.
+	Over the last few years, some members of the Debian Project
+	have led a comprehensive and structured reproducible builds
+	effort.</p>
+
+      <p>Baptiste Daroussin and Ed Maste attended the first
+	Reproducible Builds Summit in Athens last year.  Since then,
+	Ed investigated the state of build reproducibility
+	in the ports tree, and presented
+	<i>Reproducible Builds in &os;</i> at BSDCan 2016.  With
+	some work in progress patches, over 80% of the &os; ports tree
+	builds reproducibly.</p>
+
+      <p>The Diffoscope tool performs in-depth comparison of files,
+	archives, or directories to understand why a binary artifact
+	does not build reproducibly.  Diffoscope results for the
+	nonreproducible builds in Ed's talk are available at one of
+	the links above.</p>
+    </body>
+
+    <sponsor>The &os; Foundation</sponsor>
+
+    <help>
+      <task>Integrate &os; ports builds into the
+	reproducible-builds.org continuous integration
+	infrastructure.</task>
+
+      <task>Integrate reproducible build patches into the ports
+	tree.</task>
+
+      <task>Investigate sources of nonreproducibility in individual
+	ports.</task>
+    </help>
+  </project>
 </report>