#reproduciblebuilds

Vagrant Cascadian

So sad to hear #OSUOSL is in a bit of a pinch...

They support so many free software projects that I work on, including #Debian and #ReproducibleBuilds and probably several more I did not even realize!

Please support those that support so many others if you can and spread the word!

https://osuosl.org/blog/osl-future/

LavX News

Building Trustworthy Debian Binaries: A GitLab CI/CD Revolution

In an era where software supply chain security is paramount, the quest for trustworthy binaries is more critical than ever. This article explores the innovative debdistbuild project, which leverages G...

https://news.lavx.hu/article/building-trustworthy-debian-binaries-a-gitlab-ci-cd-revolution

#news #tech #ReproducibleBuilds #Debian #GitLabCI

Stefano Zacchiroli

Congrats to @luj and @Zimm_i48, for the ACM SIGSOFT Distinguished Paper #award at #MSR2025, for our joint paper «Does Functional Package Management Enable #ReproducibleBuilds at Scale? Yes.»

Details, including link to an #openaccess preprint, at: https://2025.msrconf.org/details/msr-2025-technical-papers/32/Does-Functional-Package-Management-Enable-Reproducible-Builds-at-Scale-Yes-

The paper is going to be presented this afternoon at the conf here in Ottawa.

#Nix cc: @reproducible_builds

IzzyOnDroid ✅

Welcome to the RB family, LinkGuardian 🥳

https://apt.izzysoft.de/packages/dev.elbullazul.linkguardian

LinkGuardian is an Android client for Linkwarden, helping you to manage your link collection. Thanks to joint efforts with its developer, @elbullazul, the app is now RB :awesome:

#reproducibleBuilds #IzzyOnDroid

Ludovic Courtès

Meanwhile, Gilmore makes an analogy between “reproducible builds” and “pure functions”:
https://lists.reproducible-builds.org/pipermail/rb-general/2025-April/003736.html

It sure feels like a déjà vu to the Nix and Guix folks but it’s good to see it brought up from a different perspective.

#ReproducibleBuilds

Guardian Project

@signalapp As a supporter of #Signal, it is important to point out a key detail: Signal's own code is #OpenSource, but Signal uses multiple #proprietary libraries from #Google. Those cannot be scrutinized since the source code is not open. We believe Signal should offer an actual open source version, and are ready to help. This exists already in the fork https://fosstodon.org/@MollyIM Also, apps like #Element #Threema #Wire are #FOSS, and have #ReproducibleBuilds on @fdroidorg #FDroid

Vagrant Cascadian

Impatient to get a #Backport of #Dino 0.5 for #Debian #Bookworm
... but the build logs were already published, including the hashes of all the binaries, I went ahead and performed a #ReproducibleBuilds check of locally built packages for amd64, arm64 and the "all" architecture... and came up with bit-for-bit identical results!

https://people.debian.org/~vagrant/dino-im-reproduced/

By the time you read this, identical binaries may already land on the Debian archive. I have a newer dino installed now! Try for yourself!

IzzyOnDroid ✅

@jerome_herbinet Thanks for giving us a boost 🤗 And as you use the 🛡️ symbol: #IzzyOnDroid also supports #reproducibleBuilds (yes, we can also build from source – but we ALWAYS ship the APKs provided by their resp. developers), see https://android.izzysoft.de/articles/named/iod-rbs-mirrors-clients :awesome:

(our toots use the 🛡️ to indicate RB. Our repo browser indicates RBs by shields, too, for the apps covered by one of our builders)

IzzyOnDroid ✅

Welcome to the RB family, MSM 🥳

https://apt.izzysoft.de/packages/com.prinzpiuz.msm

MSM works as wrapper around your Media server (emby, jellyfin, kodi, plex) and helps you to manage your media files.

Thanks to the help from its developer, starting with v1.9.0 the app is now reproducible :awesome:

#reproducibleBuilds #IzzyOnDroid

Robin Candau

A lot of global improvements and achievements during this past month regarding reproducible builds 🎉

I also got a few upstream patches merged again 🥳

https://reproducible-builds.org/reports/2025-03/

#reproduciblebuilds

Ian Brown 👨🏻‍💻

In fact, governments probably should only EVER deploy executables they have built themselves, using their own compilers (see the classic computer science paper Reflections on Trusting Trust).

You’d also need chip #microcode auditing and verification for security-critical systems. And some level of chip assurance. And 🇬🇧 Cell-like audits… Details to be determined 😉

#ReproducibleBuilds #StrategicAutonomy #audit #escrow

IzzyOnDroid ✅

You're interested in Reproducible Builds for Android apps? We've just updated our Wiki on those:

https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/

There are new pages for setting up build recipes, and debugging/fixing RBs – which should help you when running your own builder. Which you btw can set up on your Linux machine within 5 minutes using the scripts provided at https://codeberg.org/IzzyOnDroid/rbuilder_setup :awesome:

Developers also find pages there on making/keeping their apps RB.

#reproducibleBuilds #Android #IzzyOnDroid

IzzyOnDroid ✅

Welcome to the RB family, Farhan 🥳

https://apt.izzysoft.de/packages/ly.com.tahaben.farhan

Farhan empowers you to take control of your digital experience. Say goodbye to manipulative strategies used by other apps and get ready to focus on what matters to you.

Thanks to the work of Taha Ben Ashur, its developer, the app is now RB :awesome:

#reproducibleBuilds #IzzyOnDroid

IzzyOnDroid ✅

Welcome to the RB family, WalkersGuide 🥳

https://apt.izzysoft.de/packages/org.walkersguide.android

WalkersGuide is a navigational aid primarily intended for blind and visually impaired pedestrians. It calculates routes and shows nearby points of interest.

Thanks to the help by its developer, the app is RB now :awesome:

#reproducibleBuilds #IzzyOnDroid

IzzyOnDroid ✅

Welcome to the RB family, Rattlegram 🥳

https://apt.izzysoft.de/packages/com.aicodix.rattlegram

Rattlegram lets you transmit short text messages over COFDMTV encoded audio signals.

Thanks to joint efforts with its developer, Rattlegram (along with its 2 sister-apps) is now RB :awesome:

#reproducibleBuilds #IzzyOnDroid

Welcome to the RB family, Inure 🥳

github.com/Hamza417/Inure

Inure is a powerful open source applications manager and analyzer with a good-looking & easy to use interface.

Joint efforts from 3 parties at work here. Most work was done by the developer (thank you, Hamza!) F-Droid devs joined in, and IzzyOnDroid's new builder tools finally brought in the victory on the developer's side. With the next sync, Inure will be available at IoD and F-Droid as RB :awesome:


@licho @osman provide evidence the code @signalapp released is actually being deployed.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
youtube.com/watch?v=tJoO2uWrX1M

  • Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact it's not sustainable to run it as a #VCmoneyBurningParty!

Same as identifying users: They already got a #PhoneNumber which in many jurisdictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even the cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

  • All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

"Over the last few releases, we changed our build infrastructure to make package builds reproducible. This is enough to reach 90%. The remaining issues need to be fixed in individual packages. After this Change, package builds are expected to be reproducible. Bugs will be filed against packages when an irreproducibility is detected. The goal is to have no fewer than 99% of package builds reproducible."

phoronix.com/news/Fedora-43-Ex

www.phoronix.com: Fedora 43 Hopes To Set An Expectation That Package Builds Are Reproducible