[reproducible-website] 02/02: Update.
Chris Lamb
chris at chris-lamb.co.uk
Sat Mar 3 10:53:10 UTC 2018
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository reproducible-website.
commit 3c143a58bc6bc65e27b6d75675d0e9a742b96fb2
Author: Chris Lamb <lamby at debian.org>
Date: Sat Mar 3 10:52:58 2018 +0000
Update.
---
funding.html | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 157 insertions(+)
diff --git a/funding.html b/funding.html
new file mode 100644
index 0000000..b53c405
--- /dev/null
+++ b/funding.html
@@ -0,0 +1,157 @@
+---
+layout: page
+title: Funding
+permalink: /funding/
+---
+
+<div class="row">
+ <div class="four columns title">
+ <h2> </h2>
+ </div>
+ <div class="eight columns">
+ <p>
+ <em>The Reproducible Builds effort needs your help to continue its work
+ towards ensuring the security of computer systems of all shapes and sizes
+ around the world.</em>
+ </p>
+ </div>
+</div>
+
+<div class="row">
+ <div class="four columns title">
+ <h2> </h2>
+ </div>
+ <div class="eight columns">
+ <p>
+ As a quick refresher, whilst anyone can inspect the source code of free
+ and open source software for malicious flaws, most software is
+ distributed pre-compiled to end users.
+ </p>
+ <p>
+ The motivation behind the Reproducible Builds project is to permit
+ verification that no flaws have been introduced during the compilation
+ process—either maliciously or accidentally—by promising
+ identical results are always generated from a given source, thus allowing
+ multiple third-parties to come to a consensus on whether a computer is
+ compromised.
+ </p>
+ <p>
+ Your continued support will be key in solving this problem, which affects
+ computer systems of all sizes, from embedded microcontrollers to the
+ largest government systems.
+ </p>
+ </div>
+</div>
+
+<div class="row">
+ <div class="four columns title">
+ <h2>Past work</h2>
+ </div>
+ <div class="eight columns">
+ <ul>
+ <li>
+ 94% of packages in <a href="https://debian.org/">Debian</a> are
+ reproducible, and <a href="https://www.debian.org/doc/debian-policy/">Debian Policy</a> now
+ recommends that builds are reproducible. <tt>.buildinfo</tt> support,
+ etc. merged into the official toolchain.
+ </li>
+
+ <li>
+ Large amount of cross-distribution collaboration —
+ <a href="https://tails.boum.org/">Tails</a> and <a href="https://www.coreboot.org/">Coreboot</a>
+ now offer reproducible ISO images based heavily on our work, and
+ <a href="https://www.netbsd.org/">NetBSD</a>
+ offer a reproducible base system to complement considerable progress
+ from <a href="https://f-droid.org/en/">F-Droid</a>, <a href="https://www.opensuse.org/">OpenSUSE</a>
+ and <a href="https://www.archlinux.org/">ArchLinux</a>. In addition, we are also
+ providing continuous reproducible builds testing for eight Linux
+ distributions.
+ </li>
+
+ <li>
+ Core patches written and submitted for GCC, R and Go, Rust introduced
+ "file maps" in support of reproducibility after our feedback.
+ </li>
+
+ <li>
+ A number of highly lauded presentations (LCA, Embedded Linux onference,
+ LibrePlanet, Scale15x, CCC, OSSE, LinuxCon China, Open Compliance
+ Summit, etc.) as well highly-productive meetups in "real life".
+ </li>
+
+ <li>
+ Countless features in <a href="https://diffoscope.org/">diffoscope</a>
+ and other tools; 1000s of lines changed with extensive use outside of a
+ reproducibility context.
+ </li>
+
+ <li>
+ Mentoring in <a href="https://www.outreachy.org/">Outreachy</a> and
+ <a href="https://summerofcode.withgoogle.com/">GSoC</a> to ease
+ inclusion of new contributors especially ones from under-represented
+ groups in technology. Almost 3 years of regular weekly newsletters.
+ Regular internet-based meetings combined well as active and friendly
+ communications ensure that newcomers feel welcome and involved.
+ </li>
+ </ol>
+ </div>
+</div>
+
+<div class="row">
+ <div class="four columns title">
+ <h2>Suggested work</h2>
+ </div>
+ <div class="eight columns">
+ <p>
+ The Reproducible Builds team has demonstrated that it is, in principle,
+ possible to build a Linux distribution in a reproducible manner and have
+ solved many of the issues in doing so.
+ </p>
+
+ <p>
+ However, the next release of Debian ("buster") is currently not yet
+ 100% reproducible and funding to support on-going maintenance of
+ critical infrastructure will be absolutely essential to reach this goal.
+ </p>
+
+ <p>
+ This not only includes the administration of over 50 build nodes across
+ multiple architectures, it requires continuous and patient work with
+ package maintainers and upstreams to merge reproducibility-related
+ patches. It also includes extending the scope of
+ <a href="https://tests.reproducible-builds.org/">our testing
+ framework</a> to even more projects, as well as improving the existing
+ tests and reports.
+ </p>
+
+ <p>
+ In addition, there are currently no tools that let a user know whether
+ packages that they are installing are reproducible or not, required to
+ "close the loop" and allow end-users to finally truly validate the
+ software they are running on their machines.
+ </p>
+
+ <p>
+ Furthermore, maintaining momentum — both in terms of public
+ perception and in private — around the various related projects
+ such as <em>diffoscope</em>, etc. will be key in ensuring a reproducible
+ "buster" becomes a reality.
+ </p>
+ </div>
+</div>
+
+<div class="row">
+ <div class="four columns title">
+ <h2>Contact</h2>
+ </div>
+ <div class="eight columns">
+ <p>
+ Please do not hesitate to get in touch
+ (<tt>rb-funding at lists.reproducible-builds.org</tt>) if you would like any
+ more information. Thank you for your consideration and we thank you in
+ advance for your support.
+ </p>
+ </div>
+</div>
+
+<img style="margin-top: 10px; vertical-align: top;" src="{{ "/images/groupphoto_rws3_berlin_2017_small.png" | prepend: site.baseurl }}" />
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/reproducible-website.git
More information about the Reproducible-commits
mailing list