Commit cb0f529b authored by Chris Lamb's avatar Chris Lamb 💬

Initial draft.

parent ef1fad68
......@@ -3,31 +3,72 @@ layout: new/blog
week: 206
* FIXME: h01ger filed Bug#926065: unblock: diffoscope/113
Here's what happened in the [Reproducible Builds]( effort between Sunday March 31 and Saturday April 6 2019:
* On Monday the first we announced a double news item: a crowd-funded audit of Intel's 8086 CPU and an intention to propose a patch to the [Berne Convention]( on copyright law. See and
* Bernhard M. Wiedemann wrote blog post about his [import of openSUSE Tumbleweed into IPFS]( to aid verification of older binaries.
* [Chris Lamb]( filed a wishlist bug against the Debian [``]( "[psuedo-package](" to request that we test and ensure the reproducibility status of [Debian Installer]( images.
* [FIXME](#926242)
* [Holger Levsen]( requested permission for [Diffoscope]( version 113 to enter the upcoming Debian *buster* release via bug [#926065]( This was subsequently processed by Jonathan Wiltshire.
* [diffoscope]( is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week Chris Lamb changed the behaviour such that specifying "`-`" (a hyphen) is explicitly required on the command-line to read a single diff from standard input to avoid somewhat non-intuitive behaviour when *diffoscope* is called without any arguments. [[#54](]
* 33 reviews of Debian packages were added, 2 were updated and 8 were removed in this week adding to [our knowledge about identified issues]( Chris Lamb identifier and triaged a fresh toolchain issue, [`randomness_in_perl6_precompiled_libraries`](
* There were a number of updates to the [ project website](, including Chris Lamb adding an explicit link to the "[who]({{ "/who/" | prepend: site.baseurl }})" and "[donate]({{ "/donate/" | prepend: site.baseurl }})" pages in the new footer template [[...](][[...](] as well as tidying thelanguage a little[[...](]. In addition, Daniel Shahaf adding an April's Fools joke [[...](].
* On our [mailing list](, David Wheeler started a thread regarding the [definition of reproducibility]( and how it appears on the [ project website](
* Chris Lamb updated the [LetsEncrypt]( SSL certificate for [](
* On the [Software Freedom Conservancy]( blog, [Pamela Chestek]( wrote a post titled "[Do You Know Where Your Code Came From?]( which references the Reproducible Builds project. In addition,Reproducible Builds (and supply chain security in general) were mentioned on [episode 15 of the LibreLounge podcast](
* Bernhard M. Wiedemann wrote [a blogpost]( about his import of openSUSE Tumbleweed into IPFS to aid the verification of older binaries.
## Packages reviewed and fixed, and bugs filed
* Bernhard M. Wiedemann:
* [mstflint]( (date+time)
* [mstflint]( (date/time)
* [mhvtl]( (time)
* A number of fixes for the [pesign-obs-integration]( to [pass through rpm %licence filetype tag]( and [better keep rpm bits]( and a related [fix of a rpm bug](
* [oyranos]( (uname -r)
* [linphone]( (sort python readdir)
* [mvapich2]( (sort readdir)
* A number of fixes for the [pesign-obs-integration]( to [pass through RPM `%licence` filetype tag]( and [better keep RPM bits]( and a related [fix of an RPM bug](
* [oyranos]( (`uname -r`)
* [linphone]( (sort Python `readdir`)
* [mvapich2]( (sort `readdir`)
* [miredo](;a=commitdiff;h=a31ef243d0038bf22bfe5f03b9f377a8819c5da0) (hostname)
* [python-Django1]( (FTBFS-2028)
* [python-Django1]( ("FTBFS-2028")
* [inotify-tools]( (date [orphaned upstream](
* [warzone2100]( (sort zip -X [already upstream](
* [warzone2100]( (`sort zip -X` [already upstream](
* [diffoscope]( (update to version 113)
* [Chris Lamb updated the SSL certificate for](
* Chris Lamb:
* [#926298]( filed against [adms](
* [#926300]( filed against [qpid-proton](
* [#926301]( filed against [coda](
* [#926421]( filed against [netcdf-parallel](
## Test framework development
* We operate a comprehensive [Jenkins]( testing framework that powers []( The following changes were done this week:
* Chris Lamb:
* Avoid double spaces in IRC output, eg. "`Failed`". [[...](]
* Holger Levsen:
* Don't turn nodes offline too quickly. [[...](]
* Add new experimental []( service. [[...](]
* Allow "long-running" `.buildinfo` download runners. [[...](]
* Node maintenance. [[...](][[...](][[...](][[...](][[...](]
* Mattia Rizzolo:
* Apply [`flake8`]( to the `` script. [[...](]
* Use "`[check-valid-until=no]`" over "`Acquire::Check-Valid-Until`" in our [APT]( serup. [[...](]
* Install the `python3-yaml` library everywhere as it is needed by the deploy script. [[...](]
* Special-case the `src:debian-installer` package as it has "special" download requirements. [[...](] (see [#926242](
* Add the new `` [MX records]( to our [Munin]( confurations. [[...](]
* Drop the old [Alioth]( OpenSSH key from Jenkins' `authorized_keys`. [[...](]
* Node maintenance. [[...](]
* [Reproducible Builds and supply chain security in general mentioned on episode 15 of the LibreLounge podcast approx 9m in.](
This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Daniel Shahaf, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment