Hello friends,
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
We are trying to identify things we might visualize as well as how you are thinking about RB these days?
Thanks in advance...
peace, gunner
On 11/22/21 1:24 AM, Allen Gunn wrote:
Hello friends,
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
You might want to go and talk to the Tor Browser devs, they build TB in a reproducible way with tor-browser-build [1]. For (little-t) tor there has been some work to make reproducible tarballs recently [2]
We are trying to identify things we might visualize as well as how you are thinking about RB these days?
Thanks in advance...
peace, gunner
[1] https://gitlab.torproject.org/tpo/applications/tor-browser-build [2] https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/473
Hi Gunner!
On Sun, 21 Nov 2021, Allen Gunn wrote:
Hello friends,
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
We are trying to identify things we might visualize as well as how you are thinking about RB these days?
We are still doing reproducible builds: for each Tor Browser release we have two people from the team building and comparing the results of the builds (and investigating and fixing the issue if it's not matching). And this page has instructions for people who want to reproduce our builds: https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking/H...
However checking that builds have been reproduced is still a manual process. I think the next step would be to have more people building Tor Browser, with some system to publish the results, and then having the Tor Browser updater check before applying an update that it has been built by multiple trusted builders. However since we are a small team and already busy with many other things, this is not very high priority at the moment.
Nicolas
Allen Gunn:
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
You might find my Tor Demo Day presentation on doing RBM builds on Cirrus CI to be interesting. I think Tor intended to post a video of the talk, but I'm not sure if that ever happened. A subsequent blogpost I wrote on the subject (whose content overlaps somewhat with my talk) is available here:
https://www.namecoin.org/2021/06/09/rbm-on-cirrus-ci.html
Cheers,
On 2021-11-21 17:24:35, Allen Gunn wrote:
Hello friends,
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
We are trying to identify things we might visualize as well as how you are thinking about RB these days?
According to Debian, Tor (little t) is reproducible too:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/tor.html
(Hi gunner :)
a.
Hey Gunner!
Besides what boklm said; there have been some proposals for including browser update hashes in the consensus for additional trust, as a form of Binary Transparency type thing. https://gitweb.torproject.org/torspec.git/tree/proposals/227-vote-on-package...
Firefox as built by Mozilla is also reproducible, but the scale between Tor Browser and Firefox is quite large so it's a very different kind of 'reproducible'.
-tom
On Mon, 22 Nov 2021 at 01:38, Allen Gunn gunner@aspirationtech.org wrote:
Hello friends,
Another project with which I and Aspiration do a lot of work is Reproducible Builds (https://reproducible-builds.org/)
We are doing some communications and "amplification" on the Reproducible Builds team, and I'm wondering who in Tor has reproducibility on their plate, and might be good to talk to about Tor thinking on reproducibility?
We are trying to identify things we might visualize as well as how you are thinking about RB these days?
Thanks in advance...
peace, gunner
--
Allen Gunn Executive Director, Aspiration www.aspirationtech.org
Aspiration: "Better Tools for a Better World"
Read our Manifesto: https://aspirationtech.org/publications/manifesto
Twitter: www.twitter.com/aspirationtech
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
tor-project@lists.torproject.org
-
Allen Gunn -
Antoine Beaupré -
HackerNCoder -
Jeremy Rand -
Nicolas Vigier -
Tom Ritter