Toward a fully reproducible Debian

Posted Jun 16, 2018 19:38 UTC (Sat) by smoogen (subscriber, #97)
In reply to: Toward a fully reproducible Debian by Lennie
Parent article: Toward a fully reproducible Debian

Software that was to meet Orange Book A ratings supposedly had build systems like this. Similarly deep space satellite and similar systems usually had build systems like this because you might be rebuilding the OS for the device decades later and needed to make sure it was exactly what you put in the lander.. even if the original PDP-11 it was designed on wasn't around. However those were limited commercial environments and also done in ways which were different from this.. so the similarity is probably about as much the way I described it :)

to post comments

Toward a fully reproducible Debian

Posted Jun 17, 2018 20:38 UTC (Sun) by jani (subscriber, #74547) [Link] (1 responses)

Yes, some security evaluations require you to be able to check out the project from version control and build the exact same thing again. ITSEC/TCSEC in the past, I believe certain protection profiles in the Common Criteria as well. The companies doing this stuff generally don't make much noise about it.

Also companies masking their software to ROM typically would like to be able reproduce the builds. I've used a build system for ROM masking that allowed you to fix bugs in EEPROM afterwards, taking into account what's in ROM in the build. I don't know how common that was, but it felt pretty cool at the time.

Reproducible builds aren't a new thing, nor a specifically open source thing.

Toward a fully reproducible Debian

Posted Jun 20, 2018 21:41 UTC (Wed) by Lennie (subscriber, #49641) [Link]

Thanks for your answer. That was the sort of info I was looking for.