[reproducible-website] 02/02: Update.

Chris Lamb chris at chris-lamb.co.uk
Sat Mar 3 10:53:10 UTC 2018


This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository reproducible-website.

commit 3c143a58bc6bc65e27b6d75675d0e9a742b96fb2
Author: Chris Lamb <lamby at debian.org>
Date:   Sat Mar 3 10:52:58 2018 +0000

    Update.
---
 funding.html | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 157 insertions(+)

diff --git a/funding.html b/funding.html
new file mode 100644
index 0000000..b53c405
--- /dev/null
+++ b/funding.html
@@ -0,0 +1,157 @@
+---
+layout: page
+title: Funding
+permalink: /funding/
+---
+
+<div class="row">
+  <div class="four columns title">
+    <h2> </h2>
+  </div>
+  <div class="eight columns">
+    <p>
+      <em>The Reproducible Builds effort needs your help to continue its work
+      towards ensuring the security of computer systems of all shapes and sizes
+      around the world.</em>
+    </p>
+  </div>
+</div>
+
+<div class="row">
+  <div class="four columns title">
+    <h2> </h2>
+  </div>
+  <div class="eight columns">
+    <p>
+      As a quick refresher, whilst anyone can inspect the source code of free
+      and open source software for malicious flaws, most software is
+      distributed pre-compiled to end users.
+    </p>
+    <p>
+      The motivation behind the Reproducible Builds project is to permit
+      verification that no flaws have been introduced during the compilation
+      process—either maliciously or accidentally—by promising
+      identical results are always generated from a given source, thus allowing
+      multiple third-parties to come to a consensus on whether a computer is
+      compromised.
+    </p>
+    <p>
+      Your continued support will be key in solving this problem, which affects
+      computer systems of all sizes, from embedded microcontrollers to the
+      largest government systems.
+    </p>
+  </div>
+</div>
+
+<div class="row">
+  <div class="four columns title">
+    <h2>Past work</h2>
+  </div>
+  <div class="eight columns">
+    <ul>
+      <li>
+        94% of packages in <a href="https://debian.org/">Debian</a> are
+        reproducible, and <a href="https://www.debian.org/doc/debian-policy/">Debian Policy</a> now
+        recommends that builds are reproducible. <tt>.buildinfo</tt> support,
+        etc. merged into the official toolchain.
+      </li>
+
+      <li>
+        Large amount of cross-distribution collaboration —
+        <a href="https://tails.boum.org/">Tails</a> and <a href="https://www.coreboot.org/">Coreboot</a>
+        now offer reproducible ISO images based heavily on our work, and
+        <a href="https://www.netbsd.org/">NetBSD</a>
+        offer a reproducible base system to complement considerable progress
+        from <a href="https://f-droid.org/en/">F-Droid</a>, <a href="https://www.opensuse.org/">OpenSUSE</a>
+        and <a href="https://www.archlinux.org/">ArchLinux</a>. In addition, we are also
+        providing continuous reproducible builds testing for eight Linux
+        distributions.
+      </li>
+
+      <li>
+        Core patches written and submitted for GCC, R and Go, Rust introduced
+        "file maps" in support of reproducibility after our feedback.
+      </li>
+
+      <li>
+        A number of highly lauded presentations (LCA, Embedded Linux onference,
+        LibrePlanet, Scale15x, CCC, OSSE, LinuxCon China, Open Compliance
+        Summit, etc.) as well highly-productive meetups in "real life".
+      </li>
+
+      <li>
+        Countless features in <a href="https://diffoscope.org/">diffoscope</a>
+        and other tools; 1000s of lines changed with extensive use outside of a
+        reproducibility context.
+      </li>
+
+      <li>
+        Mentoring in <a href="https://www.outreachy.org/">Outreachy</a> and
+        <a href="https://summerofcode.withgoogle.com/">GSoC</a> to ease
+        inclusion of new contributors especially ones from under-represented
+        groups in technology. Almost 3 years of regular weekly newsletters.
+        Regular internet-based meetings combined well as active and friendly
+        communications ensure that newcomers feel welcome and involved.
+      </li>
+    </ol>
+  </div>
+</div>
+
+<div class="row">
+  <div class="four columns title">
+    <h2>Suggested work</h2>
+  </div>
+  <div class="eight columns">
+    <p>
+      The Reproducible Builds team has demonstrated that it is, in principle,
+      possible to build a Linux distribution in a reproducible manner and have
+      solved many of the issues in doing so.
+    </p>
+
+    <p>
+      However, the next release of Debian ("buster") is currently not yet
+      100% reproducible and funding to support on-going maintenance of
+      critical infrastructure will be absolutely essential to reach this goal.
+    </p>
+
+    <p>
+      This not only includes the administration of over 50 build nodes across
+      multiple architectures, it requires continuous and patient work with
+      package maintainers and upstreams to merge reproducibility-related
+      patches. It also includes extending the scope of
+      <a href="https://tests.reproducible-builds.org/">our testing
+      framework</a> to even more projects, as well as improving the existing
+      tests and reports.
+    </p>
+
+    <p>
+      In addition, there are currently no tools that let a user know whether
+      packages that they are installing are reproducible or not, required to
+      "close the loop" and allow end-users to finally truly validate the
+      software they are running on their machines.
+    </p>
+
+    <p>
+      Furthermore, maintaining momentum — both in terms of public
+      perception and in private — around the various related projects
+      such as <em>diffoscope</em>, etc. will be key in ensuring a reproducible
+      "buster" becomes a reality.
+    </p>
+  </div>
+</div>
+
+<div class="row">
+  <div class="four columns title">
+    <h2>Contact</h2>
+  </div>
+  <div class="eight columns">
+    <p>
+      Please do not hesitate to get in touch
+      (<tt>rb-funding at lists.reproducible-builds.org</tt>) if you would like any
+      more information. Thank you for your consideration and we thank you in
+      advance for your support.
+    </p>
+  </div>
+</div>
+
+<img style="margin-top: 10px; vertical-align: top;" src="{{ "/images/groupphoto_rws3_berlin_2017_small.png" | prepend: site.baseurl }}" />

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/reproducible-website.git



More information about the Reproducible-commits mailing list