Grant: Further Collaboration with Reproducible Builds

Grant Date: September 2021
Amount: $115,000

Most software is distributed pre-compiled, so even if the source code of free and open source software is inspected for malicious flaws, something malicious could still be slipped in during compilation. This disconnect between source and binary forms allows third parties to compromise systems. It is a particular concern for privacy and security software, and for build infrastructure.

Reproducible builds are a set of software development practices, principles and tools that can demonstrate an independently verifiable path from the original source code to what is actually run on our computers. The processes that lead to reproducible builds contribute to improving quality, reliability, legibility, and robustness too. ARDC provided a previous grant to Reproducible Builds that went towards creating tools for debugging and diagnosing over 500 patches to the Debian Linux distribution as well as other significant changes, improving reproducibility of ‘live’ operating systems, and continued maintenance of the testing framework.

The ongoing collaboration aims to make progress on the Debian installer, further develop the diffoscope tool and the resulting enhanced Quantitative Analysis capabilities, overhaul documentation to make it more approachable for end users, continue community engagement efforts, and make build path improvements.

