2019-05: 8 minor fixes

parent 352a58a2
Pipeline #49215 passed with stage
in 2 minutes and 34 seconds
......@@ -13,7 +13,7 @@ published: 2019-05-05 17:08:27
As a quick recap, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users pre-compiled. The motivation behind reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
In this months's report, we will cover:
In this month's report, we will cover:
* **Media coverage***Compromised toolchains, what makes a good digital product?, etc.*
* **Upstream news***Scala and Go working on reproducibility, etc.*
......
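Review bot: The unchanged recap sentence just above the corrected line still reads "The motivation behind reproducible builds effort", which is missing an article. Since this commit is already a typo pass over this file, change it to "behind the reproducible builds effort" in the same hunk.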
......@@ -14,7 +14,7 @@ In our reports we outline the most important things which have been up to in and
As a quick recap, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users pre-compiled. The motivation behind reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing third-parties to come to a consensus on whether a build was compromised.
In this months's report, we will cover:
In this month's report, we will cover:
* **Media coverage***More supply chain attacks, Reproducible Builds on the conference circuit, etc.*
* **Upstream news***Mozilla updating their add-on policy, etc.*
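Review bot: The recap paragraph in this file says "allowing third-parties to come to a consensus", while the copy in the previous file of this patch says "allowing multiple third-parties". The two paragraphs are otherwise identical, so pick one wording and use it in both reports.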
......@@ -27,7 +27,7 @@ In this months's report, we will cover:
## Media coverage
* Adam Greenberg reported on [Wired](https://www.wired.com) about the [Barium](https://www.wired.com/story/barium-supply-chain-hackers/), detailing a single group of malicious actors who appear responsible for a veriety supply chain hacks of [CCleaner](https://www.ccleaner.com/), [Asus](https://www.asus.com/) and more, therefore planting backdoors on and gaining access to millions of machines.
* Adam Greenberg reported on [Wired](https://www.wired.com) about the [Barium](https://www.wired.com/story/barium-supply-chain-hackers/), detailing a single group of malicious actors who appear responsible for a variety supply chain hacks of [CCleaner](https://www.ccleaner.com/), [Asus](https://www.asus.com/) and more, therefore planting backdoors on and gaining access to millions of machines.
* The work of Chris Lamb in/around Debian's Reproducible Builds effort [won a Google Open Source Peer Bonus award](https://opensource.googleblog.com/2019/04/google-open-source-peer-bonus-winners.html), a program with the goal of recognising and supporting the ecosystem and sustainability of free software by rewarding and recognising developers for their contributions to open source projects
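Review bot: The corrected line still reads "a variety supply chain hacks", which needs "of" ("a variety of supply chain hacks"). In the same bullet, "about the [Barium]" leaves "the" without a noun, and the following bullet about the Peer Bonus award ends without a full stop.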
......@@ -63,7 +63,7 @@ There was yet more progress towards making the [Debian Installer](https://www.de
68 reviews of Debian packages were added, 30 were updated and 11 were removed this month, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb discovered, identified and triaged two new issue types, the first identifying randomness in [Fontconfig](https://www.freedesktop.org/wiki/Software/fontconfig/) `.uuid` files [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/0b9e9668) and another [`randomness_in_output_from_perl_deparse`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/430c2d21).
Finally,[GNU Guix](https://www.gnu.org/software/guix) announced its [1.0.0 release](https://www.gnu.org/software/guix/blog/2019/gnu-guix-1.0.0-released/).
Finally, [GNU Guix](https://www.gnu.org/software/guix) announced its [1.0.0 release](https://www.gnu.org/software/guix/blog/2019/gnu-guix-1.0.0-released/).
---
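Review bot: In the unchanged paragraph above the corrected "Finally," line, the Fontconfig commit reference is opened with `[[...](` but never closed: `commit/0b9e9668)` is followed directly by " and another". Every other commit reference in this patch uses the `[[...](url)]` form, so add the closing `]` there, otherwise the stray bracket shows up in the rendered page.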
......@@ -126,10 +126,10 @@ Finally, Vagrant Cascadian [submitted a patch](https://patchwork.ozlabs.org/patc
* Mattia Rizzolo:
* Uploaded version `115` [to Debian experimental](https://tracker.debian.org/news/1040177/accepted-diffoscope-115-source-all-into-experimental/).
* Adjust various build and test-dependencies, including specifing the [ffmpeg](https://ffmpeg.org/) video encoding tool/library and the [Black](https://ffmpeg.org/) code formatter [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0eddfab)] in the build-dependenciess [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d2d3dec)] and reinstating the [oggvideotools](https://sourceforge.net/projects/oggvideotools/) and `procyon-decompiler` as test dependencies, now that are no-longer buggy [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6940757)], etc.
* Adjust various build and test-dependencies, including specifying the [ffmpeg](https://ffmpeg.org/) video encoding tool/library and the [Black](https://ffmpeg.org/) code formatter [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0eddfab)] in the build-dependencies [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d2d3dec)] and reinstating the [oggvideotools](https://sourceforge.net/projects/oggvideotools/) and `procyon-decompiler` as test dependencies, now that are no-longer buggy [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6940757)], etc.
* Make the Debian autopkgtests not fail when a limited subset of "required tools" are temporarily unavailable. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f584fa2)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3d74240)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2e11182)]
In addition, Santiago Torres altered the behavour of the tests to ensure compatibility with various versions of [file(1)]() [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0f02296)] and Vagrant Cascadian added support for various external tools in [GNU Guix](https://www.gnu.org/software/guix/) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7f3416f)] and updated the version of *diffoscope* in that distribution [[...](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ff793da66918ace85048f90dc069415ef067ba06)].
In addition, Santiago Torres altered the behaviour of the tests to ensure compatibility with various versions of [file(1)]() [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0f02296)] and Vagrant Cascadian added support for various external tools in [GNU Guix](https://www.gnu.org/software/guix/) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7f3416f)] and updated the version of *diffoscope* in that distribution [[...](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ff793da66918ace85048f90dc069415ef067ba06)].
#### try.diffoscope.org
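Review bot: The replacement line for the build and test-dependency bullet still links [Black] to https://ffmpeg.org/, which looks copied from the ffmpeg link just before it; point it at the Black project instead. Two more leftovers in this hunk: "now that are no-longer buggy" is missing "they", and `[file(1)]()` in the Santiago Torres sentence has an empty link target, so either give it a URL or drop the link markup.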
......@@ -144,7 +144,7 @@ Chris Lamb made a large number of following changes to the web-based ("no instal
* Updated and upgraded the underlying operating system to the Debian *stable* distribution.
* Moved the [canonical Git repository](https://salsa.debian.org/reproducible-builds/try.diffoscope.org) from Github to the [Reproducible Builds group on salsa.debian.org](https://salsa.debian.org/reproducible-builds/try.diffoscope.org), requiring moving to Gitlab's own [continuous integration (CI) support](https://docs.gitlab.com/ee/ci/) from [Travis CI](https://travis-ci.org/), working around the aggressive firewall (exclusively outgoing ports 80/443) applied to the [Salsa](https://salsa.debian.org/)-based CI runners.
* Moved the [canonical Git repository](https://salsa.debian.org/reproducible-builds/try.diffoscope.org) from GitHub to the [Reproducible Builds group on salsa.debian.org](https://salsa.debian.org/reproducible-builds/try.diffoscope.org), requiring moving to GitLab's own [continuous integration (CI) support](https://docs.gitlab.com/ee/ci/) from [Travis CI](https://travis-ci.org/), working around the aggressive firewall (exclusively outgoing ports 80/443) applied to the [Salsa](https://salsa.debian.org/)-based CI runners.
* Avoid having to update the [Let's Encrypt](https://letsencrypt.org/)-provided SSL certificate manually every 90 days by moving to using [Certbot](https://certbot.eff.org/about/) in `--auto` mode.
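Review bot: In the corrected "Moved the canonical Git repository" bullet, the "canonical Git repository" link and the "Reproducible Builds group on salsa.debian.org" link both go to the same URL ending in `reproducible-builds/try.diffoscope.org`; the second one should probably target the group rather than the repository. The list also mixes tenses: "Updated" and "Moved" are past tense while the next bullet starts with "Avoid".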
......@@ -183,7 +183,7 @@ Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/dd86
Chris Lamb added various fixes for larger/smaller screens [[...](https://salsa.debian.org/reproducible-builds/reproducible-website.git/commit/edef6f8)], added a logo suitable for printing physical pin badges [[...](https://salsa.debian.org/reproducible-builds/reproducible-website.git/commit/d78fd45)] and refreshed the opening copy text on our [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch) page.
Bernhard M. Wiedemann then [documented a more consise C code example](https://reproducible-builds.org/docs/source-date-epoch/#c) for parsing the `SOURCE_DATE_EPOCH` environment variable [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/547732f)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e1efd6f)] and Holger Levsen added a [link to a specific bug](https://bugzilla.opensuse.org/show_bug.cgi?id=1133809) blocking progress in [openSUSE](https://opensuse.org/) to our [*Who is involved?*](https://reproducible-builds.org/who/) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d9f4bce)].
Bernhard M. Wiedemann then [documented a more concise C code example](https://reproducible-builds.org/docs/source-date-epoch/#c) for parsing the `SOURCE_DATE_EPOCH` environment variable [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/547732f)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e1efd6f)] and Holger Levsen added a [link to a specific bug](https://bugzilla.opensuse.org/show_bug.cgi?id=1133809) blocking progress in [openSUSE](https://opensuse.org/) to our [*Who is involved?*](https://reproducible-builds.org/who/) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d9f4bce)].
---
......