Verifying software freedom with reproducible builds

Vagrant Cascadian

The Reproducible Builds project aims to move towards a world where binary software can be independently verified, by anyone, as the product of a given source. Many people interested in Free Software rely on the distributors of binary software to respect their freedoms. Unfortunately, most software incorporates unintended information into the binaries, resulting in differences in the binaries between consecutive builds. If software normally produces different binaries every time it is built, how can we verify and prove that it is the intended result of the source code? By incorporating best practices documented by the Reproducible Builds project into software development projects, an independently verifiable chain from the source code to the binaries can be formed. Once independent verification becomes common practice, people can get back to working with software that respects user freedoms.


9 months, 3 weeks ago

CC BY-SA 4.0