[presentations] 01/01: OSSE: some more polishing

Holger Levsen holger at layer-acht.org
Wed Oct 25 10:19:21 UTC 2017 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository presentations.

commit 14f376393f0e2de0a46590e589b02ea51d0565d7
Author: Holger Levsen <holger at layer-acht.org>
Date:   Wed Oct 25 12:19:11 2017 +0200

    OSSE: some more polishing
    
    Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
 2017-10-25-OSSE/2017-10-25-OSSE.tex | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/2017-10-25-OSSE/2017-10-25-OSSE.tex b/2017-10-25-OSSE/2017-10-25-OSSE.tex
index e4fe3b6..de871cf 100644
--- a/2017-10-25-OSSE/2017-10-25-OSSE.tex
+++ b/2017-10-25-OSSE/2017-10-25-OSSE.tex
@@ -427,7 +427,7 @@ same.}
  \begin{itemize}
  \item To sum this up: we are at 94\% of \textbf{theoretically} being able to do Reproducible Builds. Which means: the software supports it, in theory! What's lacking is infrastructure (think distribution of all those hashes) and user tools, so users can benefit from it.
  \item<2-4> Debian is the most advanced (big distro) here. The others haven't even started.
- \item<3-4> We need to keep doing what we have been doing (and which I'm going to explain in more detail now) and we need to do more and new things. And we need \textbf{you} to join this efford, especially if you are not using Debian!
+ \item<3-4> We need to keep doing what we have been doing (and which I'm going to explain in more detail now) and we need to do more and new things. And we need \textbf{you} to join this efford, especially if you are working on some other project than Debian!
  \item<4> First 90\% take 90\% of the time \& last 9\% take another 90\%…
 
  \end{itemize}
@@ -713,6 +713,7 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
    \end{itemize}
   \item Can be later used to exactly recreate environment
   \item For Debian, all versions are available from \url{snapshot.debian.org}
+  \item<2>Concept is universial, there are some rough draft implementations elsewhere, but nothing proven nor tested.
  \end{itemize}
 \end{frame}
 
@@ -832,13 +833,14 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
 \begin{frame}
  \frametitle{Detour: what, reproducible commercial Software???}
  \begin{itemize}
-\item Guess which
+\item Guess which:
 \item <2-3>   windows? (the source is available)
 \item <2-3>   medical devices in your body?
 \item <2-3>   arms?
 \item <2-3>   critical infrastructure like in nuclear powerplants?
 \item <2-3>   cars?
-\item <3> Gambling machines!
+\item <2-3>   spaceships? satelites?
+\item <3> gambling machines!
  \end{itemize}
 \end{frame}
 
@@ -931,7 +933,7 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
 \begin{frame}
  \frametitle{Future work}
  \begin{itemize}
- \item<1-3> So far we mostly worked on making reproducible builds possible… and we need to keep doing this until we reached 100\%.
+	 \item<1-3> So far we mostly worked on making reproducible builds possible ("in theory")… and we need to keep doing this until we reached 100\%.
  \item<2-3> We'll need constant tests for future code. So we need to keep our tests running, forever? And we need external rebuilders too.
 
  \item<3> And then, this still needs tools, infrastructure and policies to become
@@ -946,12 +948,15 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
   being able to rebuild reproducibly…
   \item Different projects, different solutions:
  \begin{itemize}
-  \item<2> something like \texttt{.buildinfo} files (defining the environment,
+  \item<2-3> something like \texttt{.buildinfo} files (defining the environment,
   the input and the output(s)) will be needed everywhere:
-  \item<2> implemented for Debian (both in sbuild and well as
-  buildinfo.debian.net)
-  \item<2> work has begun for coreboot, LEDE/OpenWrt and Fedora (mock/koji)
-  and maybe openSUSE (OpenBuildService)
+ \begin{itemize}
+  \item<2-3> implemented for Debian (both in sbuild and well as
+  buildinfo.debian.net) but not ready nor really usable yet.
+  \item<2-3> some work started for coreboot, LEDE/OpenWrt, Arch linux and Fedora (mock/koji), openSUSE (OpenBuildService) and Guix/NixOS.
+ \end{itemize}
+ \item<3> Still needs work: storage and distribution of .buildinfo files.
+ \item<3> Still needs work: rebuilders and external signers.
  \end{itemize}
  \end{itemize}
 \end{frame}
@@ -965,7 +970,7 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
   (ACLU, CCC, Deutsche Bank, Greenpeace, NASA, NSA, US-Army).}
   \item Fedora rebuilds Debian, Debian rebuilds openSUSE, openSUSE rebuilds
   NetBSD, etc…
-  \item Big customers could just rebuild everything themselves.
+  \item Big customers could just rebuild everything themselves and compare that to offical builds (and hopefully share their results).
  \end{itemize}
 \end{frame}
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git

More information about the Reproducible-commits mailing list