Reproducible builds and secure software

Chris Lamb joined the show to talk about his project Reproducible Builds — which is funded by The Linux Foundation’s Core Infrastructure Initiative. We talked about the importance of having a verifiable path from source code to compiled binary, what this set of software development practices is all about, what it means to have Reproducible Builds, the challenges faced when implementing these development practices, and the inherent security you gain from them.

Leave us a comment

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Sponsors:

• GoCD – GoCD is an on-premise open source continuous delivery server created by ThoughtWorks that lets you automate and streamline your build-test-release cycle for reliable, continuous delivery of your product.
• Flatiron – Are you ready to take the first step to being full-time programmer? Enroll in the FREE Bootcamp Prep course from Flatiron. Free enrollment is offered to the first 500 students only. So if you’re considering enrollment, don’t waste any time. Use our special link when you enroll to get $500 off your first month’s tuition when you move on to a career or certificate course.
• Linode – Our cloud server of choice! Get one of the fastest, most efficient SSD cloud servers for only $10/mo. We host everything we do on Linode servers. Use the code changelog2017 to get 2 months free!

Featuring:

• Chris Lamb – Twitter, GitHub, Website
• Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
• Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn

Show Notes:

• This show began as an issue on GitHub
• The Linux Foundation’s Core Infrastructure Initiative Funds the Reproducible Builds Project
• Reproducible Builds
• apt-secure (Ubuntu)
• apt-secure (Debian)
• thread.com

Something missing or broken? PRs welcome!