[tahoe-lafs-trac-stream] [tahoe-lafs] #2057: reproducible builds (was: deterministic builds using gitian)
tahoe-lafs
trac at tahoe-lafs.org
Sat Aug 31 13:44:18 UTC 2013
#2057: reproducible builds
-----------------------------+-----------------------------------
Reporter: leif               | Owner: daira
Type: enhancement            | Status: new
Priority: normal             | Milestone: undecided
Component: unknown           | Version: 1.10.0
Resolution:                  | Keywords: install security eggs
Launchpad Bug:               |
-----------------------------+-----------------------------------
Old description:
> It would be good to have the official packages of Tahoe and all of its
> dependencies built using Gitian.
>
> From http://gitian.org/:
> Gitian uses a deterministic build process to allow multiple builders to
> create identical binaries. This allows multiple parties to sign the
> resulting binaries, guaranteeing that the binaries and tool chain were
> not tampered with and that the same source was used. It removes the build
> and distribution process as a single point of failure.
New description:
It would be good to have the official packages of Tahoe and all of its
dependencies built using Gitian.

From http://gitian.org/:
Gitian uses a deterministic build process to allow multiple builders to
create identical binaries. This allows multiple parties to sign the
resulting binaries, guaranteeing that the binaries and tool chain were not
tampered with and that the same source was used. It removes the build and
distribution process as a single point of failure.

XXX This description may be obsolete as this ticket evolves -- please read
the comments and maybe we'll update this description if we converge on an
idea of what the issue is.
--
Comment (by zooko):
P.S. The original description and title said it would be good to have the
official packages of Tahoe-LAFS and all of its dependencies built using
gitian, but I have a few problems with that. First, there aren't official
packages of Tahoe-LAFS. Second, I don't understand why gitian is either
necessary or sufficient for the goal of reproducible builds, and I don't
like what little I understand of its approach, which is
virtual-machine-based.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2057#comment:5>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage