[reproducible-website] 03/03: fix formatting
Holger Levsen
holger at layer-acht.org
Tue Mar 14 11:18:54 UTC 2017
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch master
in repository reproducible-website.
commit 41c464d2b1ef562ae3a589e382738c25678147ad
Author: Holger Levsen <holger at layer-acht.org>
Date: Tue Mar 14 12:16:23 2017 +0100
fix formatting
Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
_events/berlin2016/2017lookahead.md | 249 +++++++++++++++++-------------------
1 file changed, 117 insertions(+), 132 deletions(-)
diff --git a/_events/berlin2016/2017lookahead.md b/_events/berlin2016/2017lookahead.md
index 88855d1..f94a657 100644
--- a/_events/berlin2016/2017lookahead.md
+++ b/_events/berlin2016/2017lookahead.md
@@ -64,51 +64,49 @@ permalink: /events/berlin2016/2017lookahead/
### COMMUNITY
* meetings
- * regular 2-month IRC/voice meeting
- * more reproducible builds cross-project in person meetings
- * small 3-5 person hack sessions targeting specific goals
+ * regular 2-month IRC/voice meeting
+ * more reproducible builds cross-project in person meetings
+ * small 3-5 person hack sessions targeting specific goals
* network tooling/services
- * a community of “rebuilers”(?) publishing logs about rebuilds exists
- * central webservice for submitting/retrieval of =.buildinfo= files
+ * a community of “rebuilers”(?) publishing logs about rebuilds exists
+ * central webservice for submitting/retrieval of =.buildinfo= files
* untitled column
- * more embedded dev work in the community
+ * more embedded dev work in the community
* collaboration
- * =notes.git= will be more widely shared among distros
- * have more reproducibility teams in other distros
- * cross-distro outreach
+ * =notes.git= will be more widely shared among distros
+ * have more reproducibility teams in other distros
+ * cross-distro outreach
### DOCUMENTATION
* reproducible-builds.org
- * move content from debian pages to r-b.org
- * common place for all repro builds talks that everyone uses
- * there will be a “get involved” section
- * common (cross-distro) =.buildinfo= format specification written
- * blog planet/aggregator
- * we built a standard base for =.buildinfo= files
- * all cross-project tools documented not in specific projects only
+ * move content from debian pages to r-b.org
+ * common place for all repro builds talks that everyone uses
+ * there will be a “get involved” section
+ * common (cross-distro) =.buildinfo= format specification written
+ * blog planet/aggregator
+ * we built a standard base for =.buildinfo= files
+ * all cross-project tools documented not in specific projects only
* projects or distributions
- * fedora reproducible docs on how to reproduce builds
- * produce a template for projects that wish to make a public statement about reproducibility
- * link to Nix docs from r-b.org
- * improved RB-related doc on Bazel website
- * how to attach signatures without disrupting reproduce? guidelines for packagers.
+ * fedora reproducible docs on how to reproduce builds
+ * produce a template for projects that wish to make a public statement about reproducibility
+ * link to Nix docs from r-b.org
+ * improved RB-related doc on Bazel website
+ * how to attach signatures without disrupting reproduce? guidelines for packagers.
* untitled columns
- * searchable database of reproducibility issues (e.g. manpages)
- * examples of non-reproducibility problems explained (3-4 package examples — what did it cause?)
- * the FAQ section will be full of tips on how to use various tools in a reproducible way
- * Encyclopedia for working around common non-repro issues
- * index collection with repro issues and solutions with search
- * reproducible docs as manpages
- * HOWTO about creating reproducible packages
- * teach people how to easily build and test existing software
- * document setting up tests.r-b.org type infrastructure
+ * searchable database of reproducibility issues (e.g. manpages)
+ * examples of non-reproducibility problems explained (3-4 package examples — what did it cause?)
+ * the FAQ section will be full of tips on how to use various tools in a reproducible way
+ * Encyclopedia for working around common non-repro issues
+ * index collection with repro issues and solutions with search
+ * reproducible docs as manpages
+ * HOWTO about creating reproducible packages
+ * teach people how to easily build and test existing software
+ * document setting up tests.r-b.org type infrastructure
-3)
-COVERAGE / UPSTREAMS
+## 3) COVERAGE / UPSTREAMS
-common
-------
+### common
- upstream projects adopting SOURCE_PREFIX_MAP
- reproducibility stats collected and reported (for debian, freebsd, macports, openwrt/lede, coreboot, netbsd, f-rdoird, arch linux, etc)
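Review bot: The re-indented items under `network tooling/services`, `collaboration` and `reproducible-builds.org` still wrap names in equals signs (`=.buildinfo=`, `=notes.git=`), which Markdown prints literally. Since these lines are being rewritten anyway, switch them to backticks, as the later sections of this file already do for `.buildinfo`. The same pass could fix "rebuilers" in the first of those lists and "f-rdoird" in the trailing context line.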
@@ -116,56 +114,49 @@ common
- reproducible iso images
- all distros publish a statement about reproducibility
-freebsd
--------
+### FreeBSD
- reproducible base system 100%
- freebsd packages 90% reproducible by default (by count of pkgs)
- all reproducible build options on by default
- expectation for reproducibility understood by freebsd committers
-other distros
--------------
+### other distros
- macports will be 50% reproducible by count of pkgs
- get gentoo on board!
- more distros and FLOSS OSes join reproducible builds
-- OpenWrt & lede to 90% RB
-- prorpietary software incorporating reproduciblity
+- OpenWrt & LEDE to 90% RB
+- propietary software incorporating reproduciblity
- first 100% reproducible OS (with packages too)
- reproducible pkg src packages
-RPM-based
----------
+### RPM-based
- support for `.buildinfo` in necessary tools
- common discussion space for sharing problems and solutions
- some simple RPM pkgs already reproducible
- tools to reproduce
-guix
-----
+### Guix
- GNU Guix will have measurements of pkg reproducibility
- GNU Guix will have fixed repro issues in core packages: guile, python, gcc
-debian
-------
+### Debian
- debian unstable is 95% reproducible
- maintainers WANT to make reproducible debs
- `.buildinfo` in archive
- block debian testing migration on reproducibility regressions
-arch linux
-----------
+### Arch Linux
- write documention
- tools for users to verify reproducibility
- 100% reproducible core repo
-NixOS
------
+### NixOS
- reach milestone: make NixOS minimal ISO (+al deps) reproducible
- Hydra (CI): graph or reproducibility progress
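Review bot: The replacement line in the `### other distros` list is still misspelled: `propietary software incorporating reproduciblity` should read "proprietary software incorporating reproducibility". The new headings are also inconsistently cased, with `### FreeBSD`, `### Guix` and `### Debian` capitalised but `### common` and `### other distros` left lowercase; pick one convention. "write documention" under `### Arch Linux` is left as is and could be corrected in the same commit.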
@@ -174,10 +165,9 @@ NixOS
- nix: allow users to configure desired trust level (i.e. "wont only want only binaries builtby N out of K builders)
- provide a verifiable bootstrap chain in nixpkgs going back ~10 years
-4)
-HARDWARE / EMBEDDED
+## 4) HARDWARE / EMBEDDED
-## Hardware
+### Hardware
- How can we improve trust in hardware?
- Open Hardware Specs
- Reproducible RISC-V implementation on FPGA
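Review bot: The first context line of this hunk, the nix trust-level item, still has an opening double quote that is never closed and run-together wording ("wont only want only binaries builtby N out of K builders"). A formatting commit is a natural place to repair that line. The heading changes themselves (`## 4) HARDWARE / EMBEDDED`, `### Hardware`) look fine and match the numbering used for sections 3 and 5.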
@@ -186,7 +176,7 @@ HARDWARE / EMBEDDED
- Will have built/ported a free system to OpenRISC
- How do we improve trust in our networking hardware?
-## Firmware
+### Firmware
- Binary blobs are evil – how do we get more open source firmware?
- Reproducible OS images
- Tool to generate reproducible image
@@ -195,7 +185,7 @@ HARDWARE / EMBEDDED
- Can we have firmware audits with checksums by independent third parties?
- We have more Laptops supported without Management Engine
-## Internet of Things
+### Internet of Things
- We will have first devices with >= 50% reproducible software
- Security updates for IoT devices will be a thing
- There will be massive IoT botnets
@@ -203,61 +193,59 @@ HARDWARE / EMBEDDED
- Devices should be sold with clear maintenance period labels
- Yocto/OpenEmbedded builds provide `.buildinfo` & are reproducible
-## Manufacturing
+### Manufacturing
- Convince manufacturers to give out reproducible firmware
- Start conversations with vendors over benefits of reproducibility
- Talk to OEMs/ODM/...
-5)
-DEV TOOLS / TOOLCHAIN
+## 5) DEV TOOLS / TOOLCHAIN
-Metadata, etc.
- * PoC for opt to verify signature by multiple rebuilders
- * buildinfo. d. n to publish buildinfo of builds it _wants_ to have
+### Metadata, etc.
+* PoC for apt to verify signature by multiple rebuilders
+* buildinfo. d. n to publish buildinfo of builds it _wants_ to have
Compilers
- * GCC patches to upstream!
- * Rush reproducibility patches (inc. buildpath indep debug info)
- * Popular toolchains (C++, Java) work reproductibly and support SOURCE_PREFIX_MAP
- * LLVM / CLANG on pair with GCC regarding reproducible "patches"
- * Ocaml has no more reproducibility issues
- * Intentional nondeterminism patches
+* GCC patches to upstream!
+* Rush reproducibility patches (inc. buildpath indep debug info)
+* Popular toolchains (C++, Java) work reproductibly and support SOURCE_PREFIX_MAP
+* LLVM / CLANG on pair with GCC regarding reproducible "patches"
+* Ocaml has no more reproducibility issues
+* Intentional nondeterminism patches
Developer utilities
- * Git properties as "secure VCS" are analysed
- * PDF generating docs reproducible!
- * R data files are reproducible
- * Strip-nondeterminism is smaller due to issues fixed "properly"
+* Git properties as "secure VCS" are analysed
+* PDF generating docs reproducible!
+* R data files are reproducible
+* Strip-nondeterminism is smaller due to issues fixed "properly"
Diffoscope
- * Parallel diffoscope
- * More supported file formats
- * Integration with Taskotron
- * FreeBSD pkg format
- * Waterfall/ time-series gpaph at what diffoscope is doing (like Chrome Dev tools -> Network tab)
- * Detection of order difference in many files
+* Parallel diffoscope
+* More supported file formats
+* Integration with Taskotron
+* FreeBSD pkg format
+* Waterfall/ time-series gpaph at what diffoscope is doing (like Chrome Dev tools -> Network tab)
+* Detection of order difference in many files
Reprotest
- * Upstream devs are using reprotest to check for reproducibility
- * Reprotest has great usability
- * Reprotest runs on many different platforms
+* Upstream devs are using reprotest to check for reproducibility
+* Reprotest has great usability
+* Reprotest runs on many different platforms
Bootstrapping
- * Have fully mapped out bootstrapping chains for GCC, GHC, JDK, FPC, gradle, Maven
- * I want to have raised awareness about bootstrap binaries & shared work on GNU toolchain bootstrap
- * User accessible tools for fully bootstrap compilers
- * Compilers will be buildable with at least one _other_ compiler.
- * Tool to cross-bootstrap any Debian arch
+* Have fully mapped out bootstrapping chains for GCC, GHC, JDK, FPC, gradle, Maven
+* I want to have raised awareness about bootstrap binaries & shared work on GNU toolchain bootstrap
+* User accessible tools for fully bootstrap compilers
+* Compilers will be buildable with at least one _other_ compiler.
+* Tool to cross-bootstrap any Debian arch
.buildinfo files
- * Define a way to _select_ which buildinfo record should be compared
- * Automated buildinfo creation/inspection/comparassion tool
- * Extra optional fields in .buildinfo to help identify more causes of unreproducibility
- * Translation tool from .buildinfo specs to Guix/Nix deriviations + vice versa
+* Define a way to _select_ which buildinfo record should be compared
+* Automated buildinfo creation/inspection/comparassion tool
+* Extra optional fields in .buildinfo to help identify more causes of unreproducibility
+* Translation tool from .buildinfo specs to Guix/Nix deriviations + vice versa
Specific toolchains
- * RPM toolchain(s) analysed for sources of non-reproducibility
- * Reproducible autotools
- * Reproducible ELF Tool chains
- * No more buildpath issues (SOURCE_PREFIX_MAP widely adopted)
+* RPM toolchain(s) analysed for sources of non-reproducibility
+* Reproducible autotools
+* Reproducible ELF Tool chains
+* No more buildpath issues (SOURCE_PREFIX_MAP widely adopted)
- 6)
- USER TOOLS
+## 6) USER TOOLS
-## Predictions
+### Predictions
* Make F-Droid.org provide simple links to reproducibility results
* A tool to find who has been able to reproduce a package
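Review bot: Only `Metadata, etc.` is promoted to a `###` heading in section 5. `Compilers`, `Developer utilities`, `Diffoscope`, `Reprotest`, `Bootstrapping`, `.buildinfo files` and `Specific toolchains` remain bare text lines directly above their lists, so they will not render as subsection titles like the ones in sections 4, 6 and 7. Give each a `###` prefix. Separately, the first Metadata item changes "opt" to "apt", which is a content correction rather than formatting and deserves a mention in the commit message. The item `buildinfo. d. n to publish ...` keeps what look like stray spaces inside a name.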
@@ -274,73 +262,70 @@ Bootstrapping
* Tool for any user to execute reproduce instructions
* Tooling to create "reproducibility transparency" logs exist
-## Unknowns/questions
+### Unknowns/questions
* How to get fixes accepted by the Android Tools team at Google
* Can a crowdsourced database of reproducibility test results limit its search space enough to be useful?
* Will enough test infrastructure exist to establish reproducibility confidently?
-7)
-TESTING INFRASTRUCTURE
+## 7) TESTING INFRASTRUCTURE
-Analyzing non-RB
+### Analyzing non-RB
* Automatically classifying the causes of non-reproducibility
* Advanced statistics (research on trends, tendencies, etc.)
* Static Analysis in order to detect possible non-reproducible bugs in source code
-Misc improvements
+### Misc improvements
* Rebuild for each variation, to detect what effects the output
-Dev helping
+### Dev helping
* Maintainers can upload packegs for repro. testing
* Create a "fuzzing" tool to modify time|date|hostname|cwd etc. so that devs can test whether that affects them
-Deploy
+### Deploy
* Testing infra should be reproducible
* Be able to setup tests.r-b.org locally to test patches
* Be able to set up build for a pkg locally without whole CI infra (too)
-Non debian
+### Non-Debian
* ci.freebsd.org will run the testing infra for packages
* GNU Guix will be on tests.repro-b.org
* Measure cross-arch reproducibility of noarch RPMs
-debian tests
+### Debian tests
* Test arch:all separately
* Test arch:all cross-architecture
* One build on one arch, per Jenkins.d.n job-run (not just in pairs build1+build2)
-Data storage
+### Data storage
* PostgreSQL is used
* Store all the build artifacts of completed builds
-
-8)
-NEW DIRECTIONS
-
-Define secure VCS (Version Control System)
-Understand/analyze security properties of Git
-Run transparency log for software
-Debian FTP archive distributing build info file
-Better cross-distro build info support
-Design security-related logic, workflows and algorithms for buildinfo Files
-Having more people even at the Summit
-Crypto-signing more (reproducible) releases
-Sharing distributed databases of hashes for reproducible releases
-Having raised awareness of bootstrapping
-Start working on reproducible package installs
-Encourage projects, distros and software maintainers to publish a statement about reproducibiility of their stuff
-Store all build outputs...run diffs *later* to understand more
-Efforts on making major compilers bottstrappable has started
-Incorporate reproduible build results into binary transparency log
-Define schema for records so that two different paths to build same artifact looks good
-Write SOURC_PREFIX_MAP specification
-Push GCC guild path patches
-Push SOURCE_PREFIX_MAP into other build tools
-Achieve 97%+ reproducibility with build-path independence
-Government should require r-b by law for critical infrastructure SW
-
+## 8) NEW DIRECTIONS
+
+ * Define secure VCS (Version Control System)
+ * Understand/analyze security properties of Git
+ * Run transparency log for software
+ * Debian FTP archive distributing build info file
+ * Better cross-distro build info support
+ * Design security-related logic, workflows and algorithms for buildinfo Files
+ * Having more people even at the Summit
+ * Crypto-signing more (reproducible) releases
+ * Sharing distributed databases of hashes for reproducible releases
+ * Having raised awareness of bootstrapping
+ * Start working on reproducible package installs
+ * Encourage projects, distros and software maintainers to publish a statement about reproducibiility of their stuff
+ * Store all build outputs...run diffs *later* to understand more
+ * Efforts on making major compilers bottstrappable has started
+ * Incorporate reproduible build results into binary transparency log
+ * Define schema for records so that two different paths to build same artifact looks good
+ * Write SOURC_PREFIX_MAP specification
+ * Push GCC guild path patches
+ * Push SOURCE_PREFIX_MAP into other build tools
+ * Achieve 97%+ reproducibility with build-path independence
+ * Government should require r-b by law for critical infrastructure SW
+
<img style="margin-top: 10px; vertical-align: top;" src="{{ "/images/berlin2016/2017lookahead_01.jpg" | prepend: site.baseurl }}" alt="2017 Look ahead Post-It notes" />
<img style="margin-top: 10px; vertical-align: top;" src="{{ "/images/berlin2016/2017lookahead_02.jpg" | prepend: site.baseurl }}" alt="2017 Look ahead Post-It notes" />
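Review bot: The new bullet lines in `## 8) NEW DIRECTIONS` carry the old misspellings over unchanged, and one of them affects a searchable identifier: `Write SOURC_PREFIX_MAP specification` sits two lines above `Push SOURCE_PREFIX_MAP into other build tools`. Please fix that together with "reproducibiility", "bottstrappable", "reproduible" and "GCC guild path" while the lines are being rewritten. These bullets are also written as ` * ` with a leading space, whereas the lists converted in section 5 start at column 0 with `* `; use one style. In the testing section, "packegs" under `### Dev helping` remains as well.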
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/reproducible-website.git