[tor-project] (FWD) TODAY: 7:30pm 5-134: Reproducible Builds

Roger Dingledine arma at mit.edu
Wed Nov 30 23:17:56 UTC 2016


A shout-out to Tor, from a totally different world.

I've added the phrase 'reproducible builds' to our 'projects that are
succeeding at their goals because of Tor' riseup pad. :)

--Roger

----- Forwarded message from Lenny Foner <foner at media.mit.edu> -----

Date: Wed, 30 Nov 2016 10:55:26 -0500
From: Lenny Foner <foner at media.mit.edu>
To: cluedump-announce at mit.edu
Subject: TODAY:  7:30pm 5-134: Reproducible Builds

Please join us today, at 7:30pm in 5-134, for a Cluedump by
Valerie Young on Reproducible Builds:

We trust FOSS software because we can read the source code.  Or, at
least, we trust FOSS software because we trust the community who reads
and writes the source code.  But users do not download source code and
compile programs themselves; they download binaries.  Binaries can be
exploited in many ways, from a compromised developer to a compromised
compiler, and without reproducible builds, we are not capable of
independently verifying that a given binary came from the publicly
available source code.

"'Reproducible builds?'" you might ask in confusion, "Are you implying
the compilation of software is not deterministic?"  Turns out, yes!

"Reproducible Builds" is the umbrella term for the wide FOSS effort to
make the build chain of all software deterministic and transparent.  In
this talk, I will give a brief history of the reproducible builds effort
from Tor's original success to the ongoing work of the Debian community
to create an entirely reproducible operating system.  You will leave
with a clear understanding of the nuances and challenges of achieving
reproducible builds and a clear vision for the exciting future where
reproducible builds are the norm.

Bio:

Valerie Young is a Debian contributor and secretary for the board of
directors of Software in the Public Interest.  She studied physics and
computer science at Boston University, worked at athenahealth for a few
years, and is presently on vacation between paying jobs to chill and
write free software.

Snacks will be served!

For more information, or if you'd like to give a Cluedump, please
contact us at cluedumps at mit.edu.  Anyone can give a Cluedump:
undergraduates, graduate students, researchers, faculty, alumni,
or those from outside MIT.  To see prior Cluedumps, some of which
have supplementary information, see http://cluedumps.mit.edu/.
Add Cluedumps to your calendar at https://sipb.mit.edu/calendar/.

(bcc'd to dorm lists; NaN for bc-talk)

---------------------------------------------------------------------------

SIPB Cluedumps are one-to-two hour informal technical talks about any
topic of interest to the MIT computer community.  To receive future SIPB
Cluedump announcements, be sure to subscribe to the cluedump-announce
mailing list.

What is SIPB?  More so than a traditional computer club, SIPB is a
student group with deep roots in the culture and implementation of
computer technology at MIT.  SIPB is a community---a group of computer
enthusiasts working together to learn and create.  As a group, SIPB
develops and maintains many technologies in official use at MIT, such
as the operating system you use at Athena clusters.  But, more than
anything, SIPB is an opportunity for people of any major or background
to come together, learn new skills, and make ideas come to life.  Come
learn more, get involved with one of many projects, or create your
own!  http://sipb.mit.edu/

----- End forwarded message -----


