A shout-out to Tor, from a totally different world.
I've added the phrase 'reproducible builds' to our 'projects that are succeeding at their goals because of Tor' riseup pad. :)
--Roger
----- Forwarded message from Lenny Foner foner@media.mit.edu -----
Date: Wed, 30 Nov 2016 10:55:26 -0500
From: Lenny Foner foner@media.mit.edu
To: cluedump-announce@mit.edu
Subject: TODAY: 7:30pm 5-134: Reproducible Builds
Please join us today, at 7:30pm in 5-134, for a Cluedump by Valerie Young on Reproducible Builds:
We trust FOSS software because we can read the source code. Or, at least, we trust FOSS software because we trust the community who reads and writes the source code. But users do not download source code and compile programs themselves; they download binaries. Binaries can be exploited in many ways, from a compromised developer to a compromised compiler, and without reproducible builds, we are not capable of independently verifying that a given binary came from the publicly available source code.
"'Reproducible builds?'" you might ask in confusion, "Are you implying the compilation of software is not deterministic?" Turns out, yes!
"Reproducible Builds" is the umbrella term for the wide FOSS effort to make the build chain of all software deterministic and transparent. In this talk, I will give a brief history of the reproducible builds effort from Tor's original success to the ongoing work of the Debian community to create an entirely reproducible operating system. You will leave with a clear understanding of the nuances and challenges of achieving reproducible builds and a clear vision for the exciting future where reproducible builds are the norm.
Bio:
Valerie Young is a Debian contributor and secretary for the board of directors of Software in the Public Interest. She studied physics and computer science at Boston University, worked at athenahealth for a few years, and is presently on vacation between paying jobs to chill and write free software.
Snacks will be served!
For more information, or if you'd like to give a Cluedump, please contact us at cluedumps@mit.edu. Anyone can give a Cluedump: undergraduates, graduate students, researchers, faculty, alumni, or those from outside MIT. To see prior Cluedumps, some of which have supplementary information, see http://cluedumps.mit.edu/. Add Cluedumps to your calendar at https://sipb.mit.edu/calendar/.
(bcc'd to dorm lists; NaN for bc-talk)
---------------------------------------------------------------------------
SIPB Cluedumps are one-to-two hour informal technical talks about any topic of interest to the MIT computer community. To receive future SIPB Cluedump announcements, be sure to subscribe to the cluedump-announce mailing list.
What is SIPB? More so than a traditional computer club, SIPB is a student group with deep roots in the culture and implementation of computer technology at MIT. SIPB is a community---a group of computer enthusiasts working together to learn and create. As a group, SIPB develops and maintains many technologies in official use at MIT, such as the operating system you use at Athena clusters. But, more than anything, SIPB is an opportunity for people of any major or background to come together, learn new skills, and make ideas come to life. Come learn more, get involved with one of many projects, or create your own! http://sipb.mit.edu/
----- End forwarded message -----