Here's a little thing that may not be obvious to many people....

When you install an open-source app from Google Play or the Apple app store, there is no guarantee that what you install actually matches the public code.

@fdroidorg are doing a great service. They independently build the public source code for apps from scratch, review for common issues, and publish their builds. Thanks to "reproducible builds" it's possible to verify they do not tamper with the code.

f-droid.org/en/docs/Security_M

QUnit proudly joins ♻️ Reproducible Builds.

Today, the first release minted from our deterministic build process – QUnit 2.14. It was largely made possible by Rollup, with a couple of tweaks to ensure dist files use a date based only on information in the Git repository.

github.com/qunitjs/qunit/pull/

The SOURCE_DATE_EPOCH standard by @reproducible_builds made things easy to explain and document. No need to come up with our novel way! #standards #qunit #rollup #reproduciblebuilds
reproducible-builds.org/docs/s
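
An added example, not part of the posts above and not QUnit's own build code: one way a JavaScript build step can take its date only from `SOURCE_DATE_EPOCH` or a commit timestamp, never the wall clock. The function names, the banner layout and the sample values are assumptions made for illustration.

```javascript
// Added example: derive a build date from SOURCE_DATE_EPOCH or a commit
// timestamp. All names and the banner layout here are hypothetical.

// SOURCE_DATE_EPOCH is a decimal count of seconds since the Unix epoch (UTC).
// Reject anything else rather than silently falling back to the wall clock.
function parseSourceDateEpoch(value) {
  if (typeof value !== 'string' || !/^[0-9]+$/.test(value)) {
    throw new Error(`invalid SOURCE_DATE_EPOCH: ${JSON.stringify(value)}`);
  }
  const seconds = Number(value);
  // 8.64e12 seconds is the upper limit of what a JavaScript Date can hold.
  if (!Number.isSafeInteger(seconds) || seconds > 8.64e12) {
    throw new Error(`SOURCE_DATE_EPOCH out of range: ${value}`);
  }
  return seconds;
}

// env: environment map (process.env in a real build).
// commitEpoch: fallback supplied by the caller, for example the output of
// `git log -1 --format=%ct`, so the date still comes from the repository.
function resolveBuildEpoch(env, commitEpoch) {
  if (env.SOURCE_DATE_EPOCH !== undefined) {
    return parseSourceDateEpoch(env.SOURCE_DATE_EPOCH);
  }
  if (commitEpoch === undefined) {
    throw new Error('no reproducible date source; refusing to use Date.now()');
  }
  return parseSourceDateEpoch(String(commitEpoch).trim());
}

// Format in UTC only: local-time formatting would make the output depend
// on the build machine's time zone.
function buildBanner(name, version, env, commitEpoch) {
  const ms = resolveBuildEpoch(env, commitEpoch) * 1000;
  const day = new Date(ms).toISOString().slice(0, 10);
  return `/*! ${name} ${version} | built ${day} */`;
}

// Constructed sample input: 1609459200 is 2021-01-01T00:00:00Z.
const sampleEnv = { SOURCE_DATE_EPOCH: '1609459200' };
console.log(buildBanner('example-lib', '1.0.0', sampleEnv));
```

Two builds with the same inputs then emit byte-identical banners, which is what lets a third party rebuild and compare the published files.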

Our next "office hours" meeting for asking any questions about Reproducible Builds will be held on January 7th at 6pm UTC - see lists.reproducible-builds.org/ for more info. 👍

This generated config file accidentally includes the process ID of the build process instead of a literal dollar sign (due to '$$' over '\$') bugs.debian.org/972336 (found by )

Jifeng Xuan will be giving an online talk on locating the causes of unreproducible builds at 13h00 CET tomorrow (Tuesday 24th) 👍 lists.reproducible-builds.org/
