Loading...

Reproducible builds: Two years in the trenches…

1,212 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 26, 2017

Chris Lamb
http://linux.conf.au/schedule/present...
Whilst anyone can inspect the source code of free software for malicious flaws, most Linux distributions provide binary (or "compiled") packages to end users.

The motivation behind "reproducible" builds is to allow verification that no flaws have been introduced during this compilation process by promising identical binary packages are always generated from a given source.

This prevents against the installation of backdoor-introducing malware on developers' machines - an attacker would need to simultaneously infect or blackmail all developers attempting to reproduce the build.

This talk will focus heavily on how exactly software can fail to be reproducible, the tools, tests & specifications we have written to fix & diagnose issues, as well as the many amusing "fails" in upstream's code that have been unearthed by this process. In addition, you will learn what to avoid in your own software as well as the future efforts in the Reproducible Builds arena.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...