yay and his amazing "Reflections on Trusting Trust" was the grand inspiration for #GNU Mes and to start implementing the Full Source Bootstrap in #Guix! Thank you so much Ken!

https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/

@reproducible_builds
#reproducibleBuilds
#bootstrappable

Developers, please stop embedding (build) timestamps in binaries (including Android APKs). They are one of the most common reasons for builds not being reproducible. If you really need a timestamp, please use e.g. the timestamp of the last commit, not the current time during the build.

Also no UUIDs or ELF build-ids please. And please be careful with listing files or embedding lists of any kind: reading from the filesystem and the iteration order of hash maps etc. are usually nondeterministic. Sorting helps here. A lot 😀

https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds

#ReproducibleBuilds #IzzyOnDroid

Reproducible Builds · Wiki · IzzyOnDroid / repo · GitLab

The F-Droid compatible repo at https://apt.izzysoft.de/fdroid/

^GitLab

“It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security”
https://saschafahl.de/static/paper/reprobuilds2023.pdf

#ReproducibleBuilds