Skip to main content

So, Philipp Kern dropped by asking if we could do some #ReproducibleBuilds verifications of recent Debian Security updates, given, well the whole #xz mess... and that our build infrastructure may have run compromised code at some point...

So I did a quick pass at a handful of updates and everything verified ok so far, though I skipped some of the probably more juicy targets such as chromium and firefox:

lists.reproducible-builds.org/…

Debian is reproducible enough to at least try this sort of thing!

Reproducible Builds for recent Debian security updates

lists.reproducible-builds.org
#xz #reproduciblebuilds