[blog] 01/01: 107: fill in from generate-draft script and turn into prose

[Ximin Luo]

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository blog.

commit 141237b96e4c167c8f6a8ce911b119924584a1c4
Author: Ximin Luo <infinity0 at debian.org>
Date:   Mon May 15 18:43:39 2017 +0200

    107: fill in from generate-draft script and turn into prose
---
 drafts/107.mdwn | 157 ++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 137 insertions(+), 20 deletions(-)

diff --git a/drafts/107.mdwn b/drafts/107.mdwn
index 2f9fe9b..2a03b4d 100644
--- a/drafts/107.mdwn
+++ b/drafts/107.mdwn
@@ -1,3 +1,10 @@
+[[!meta title="Reproducible Builds: week 107 in Stretch cycle"]]
+
+Here's what happened in the [Reproducible
+Builds](https://reproducible-builds.org) effort between Sunday May 7 and
+Saturday May 13 2017:
+
+
 Report from Reproducible Builds Hamburg Hackathon
 -------------------------------------------------
 
@@ -8,10 +15,10 @@ We were 16 participants from 18 projects. Three people were coming from the USA,
 We had three presentations:
 - about Reproducible Builds everywhere by h01ger
 - about https://in-toto.io by Justin Cappos
-- about of http://repeatr.io by Eric Myhre 
+- about of http://repeatr.io by Eric Myhre
 
 Last but not least, we had a lot of fun in the hackerspace, enjoyed some of their gimmicks,
-like being able to open physical doors with ssh and the like. 
+like being able to open physical doors with ssh and the like.
 
 [<img width="50%" alt="Not quite the hackathon"
 src="/blog/images/hamburg-hackathon-2017.jpg"
@@ -20,41 +27,145 @@ src="/blog/images/hamburg-hackathon-2017.jpg"
 (This wasn't the hackathon, but some of us appreciated these sights and so we thought you would too.)
 
 Thanks to:
-- Debian for sponsoring food and accomodation! 
+- Debian for sponsoring food and accomodation!
 - [Dock Europe](http://dock-europe.net) for providing us with really nice accomodation in the house!
 - [CCC Hamburg](http://hamburg.ccc.de) for letting us use their hackerspace for >3 days non-stop!
 
 
-Media coverage
---------------
+News and media coverage
+-----------------------
+
+openSUSE has had a [security breach in their
+infrastructure](https://lists.opensuse.org/opensuse-announce/2017-05/msg00000.html),
+including their build services. As of this writing, the scope and impact are
+still unclear, however the incident illustrates that no one should rely on
+being able to secure their infrastructure at all times. Reproducible Builds
+help mitigate this by allowing independent verification of build results, by
+parties that are unaffected by the compromise.
 
-[openSUSE has had a security breach in their infrastructure, including their build services](https://lists.opensuse.org/opensuse-announce/2017-05/msg00000.html).  While (as of this writing) the scope and impact are still unclear, this incident illustrates that no one can rely on being able to secure their infrastructure at all times. Reproducible Builds cannot do that either, but they help mitigate the problem by allowing independent verification of build results.
-<br/>
-(And please don't get us wrong: this can happen to *anyone*. Kudos to openSUSE for being open about it. Now let's continue working on reproducible builds everywhere!)
+(And please don't get us wrong: this can happen to *anyone*. Kudos to openSUSE
+for being open about it. Now let's continue working on reproducible builds
+everywhere!)
 
-On May 13th Chris Lamb gave a talk on Reproducible Builds at [OSCAL 2017](https://oscal.openlabs.cc/) in Tirana, Albania.
+On May 13th Chris Lamb gave a talk on Reproducible Builds at [OSCAL
+2017](https://oscal.openlabs.cc/) in Tirana, Albania.
 
 [<img width="25%" alt="OSCAL 2017"
 src="/blog/images/oscal2017.jpg"
 />](/blog/images/oscal2017.jpg)
 
 
-Toolchain
----------
+Toolchain bug reports and fixes
+-------------------------------
+
+- Chris Lamb:
+  * Fixed [[!bug 842635]], [[!bug 858389]] for [[!pkg docbook-to-man]] by
+    adopting the package.
+  * [[!bug 862003]] filed against [[!pkg debhelper]].
+  * [[!bug 862073]] filed against ftp.debian.org, to upload buildinfo files to
+    buildinfo.debian.net.
+- Steven Chamberlain:
+  * [[!bug 862059]] filed against [[!pkg sbuild]], for signing buildinfo files.
+- Ximin Luo:
+  * [[!bug 862112]] filed against [[!pkg r-base]].
+  * [[!bug 862113]] filed against [[!pkg gcc-6]].
+  * [[!bug 862116]] filed against [[!pkg dpkg]].
+
+
+Packages' bugs reports
+----------------------
+
+- Chris Lamb:
+  * [[!bug 862088]] filed against [[!pkg compass-h5bp-plugin]].
+  * [[!bug 862140]] filed against [[!pkg ofxstatement-plugins]].
+  * [[!bug 862179]] filed against [[!pkg acct]].
+  * [[!bug 862183]] filed against [[!pkg libjgroups-java]].
+  * [[!bug 862195]] filed against [[!pkg sendip]].
+  * [[!bug 862451]] filed against [[!pkg wammu]], forwarded [upstream](https://github.com/gammu/wammu/pull/49).
+  * [[!bug 862484]] filed against [[!pkg seqan2]].
+  * [[!bug 862553]] filed against [[!pkg vim-command-t]].
+  * [[!bug 862588]] filed against [[!pkg tkhtml1]].
+  * [[!bug 862592]] filed against [[!pkg taskcoach]].
+- Chris West:
+  * [[!bug 862252]] filed against [[!pkg dns-root-data]].
+
+
+Reviews of unreproducible packages
+----------------------------------
+
+11 package reviews have been added, 2562 have been updated and 278 have been
+removed in this week, adding to our knowledge about [identified
+issues](https://tests.reproducible-builds.org/debian/index_issues.html). Most
+of the updates were to move ~1800 packages affected by the generic catch-all
+[[!issue captures_build_path]] (out of ~2600 total) to the more specific
+[[!issue gcc_captures_build_path]], fixed by our pending patches to GCC.
+
+5 issue types have been updated:
+
+- Updated [[!issue docbook_to_man_one_byte_delta]]
+- Added [[!issue ocaml_captures_build_path]]
+- Added [[!issue gcj_captures_build_path]]
+- Added [[!issue gcc_captures_build_path]]
+- Re-added [[!issue docbook_to_man_one_byte_delta]]
+
+
+Weekly QA work
+--------------
+
+During our reproducibility testing, FTBFS bugs have been detected and reported by:
+
+ - Adrian Bunk (1)
+ - Chris Lamb (2)
+ - Chris West (1)
+
+
+diffoscope development
+----------------------
+
+diffoscope development continued in [git on the experimental
+branch](https://anonscm.debian.org/git/reproducible/diffoscope.git/log/?h=experimental):
 
-- https://bugs.debian.org/862059 ("sbuild: please sign buildinfo files")
-- https://bugs.debian.org/862003 ("debhelper: Regression in dh_fixperms causing packages to be non-reproducible")
-- https://bugs.debian.org/862073 ("ftp.debian.org: Please POST .buildinfo files to buildinfo.debian.net")
-- https://bugs.debian.org/842635 and https://bugs.debian.org/858389 closed via docbook-to-man package adoption
+- Maria Glukhova:
+  - Code refactoring and more tests.
+- Chris Lamb:
+  - Add safeguards against unpacking recursive or deeply-nested archives.
+    (Closes: [[!bug 780761]])
 
-Patches sent upstream
+
+strip-nondeterminism development
+--------------------------------
+
+- strip-nondeterminism 0.033-1 and 2 were uploaded to unstable by Chris Lamb. It included [contributions](https://anonscm.debian.org/git/reproducible/strip-nondeterminism.git/log/?h=debian/0.033-2) from:
+
+- Bernhard M. Wiedemann:
+  - Add cpio handler.
+  - Code quality improvements.
+- Chris Lamb:
+  - Add documentation and increase verbosity, in support of the long-term aim
+    of removing the need for this tool.
+
+
+reprotest development
 ---------------------
 
-- https://bugs.debian.org/862451 in wammu sent to https://github.com/gammu/wammu/pull/49
+- reprotest 0.6.1 and .2 were uploaded to unstable by Ximin Luo. It included [contributions](https://anonscm.debian.org/git/reproducible/reprotest.git/log/?h=debian/0.6.2) from:
 
-try.diffoscope.org development
-------------------------------
-https://github.com/lamby/trydiffoscope/commit/c3a74f064469d45f63d3a85db035d70d48e7cc4a
+- Ximin Luo:
+  * Add a documentation section on "Known bugs".
+  * Move developer documentation away from the man page.
+  * Mention release instructions in the previous changelog.
+  * Preserve directory structure when copying artifacts. Otherwise hash output
+    on a successful reproduction sometimes fails, because find(1) can't find
+    the artifacts using the original artifact_pattern.
+- Chris Lamb
+  * Add proper release instructions and a keyring.
+
+
+trydiffoscope development
+-------------------------
+
+- Chris Lamb:
+  * Uses the diffoscope from Debian experimental if possible.
 
 
 tests.reproducible-builds.org development in the last 4 weeks
@@ -62,3 +173,9 @@ tests.reproducible-builds.org development in the last 4 weeks
 
 TO BE WRITTEN, incl graphs to be included
 
+
+Misc.
+-----
+
+This week's edition was written by Ximin Luo, Holger Levsen and Chris Lamb &
+reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/blog.git