Hi Gunner!
On Sun, 21 Nov 2021, Allen Gunn wrote:
Hello friends,
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
We are trying to identify things we might visualize as well as how you are thinking about RB these days?
We are still doing reproducible builds: for each Tor Browser release we have two people from the team building and comparing the results of the builds (and investigating and fixing the issue if it's not matching). And this page has instructions for people who want to reproduce our builds: https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking/H...
However checking that builds have been reproduced is still a manual process. I think the next step would be to have more people building Tor Browser, with some system to publish the results, and then having the Tor Browser updater check before applying an update that it has been built by multiple trusted builders. However since we are a small team and already busy with many other things, this is not very high priority at the moment.
Nicolas