Reproducible Builds: Trust Building through Best Practices

Short Form


Reproducible builds introduce best practices that enable bit-by-bit identical software builds. With identical builds, independent verification becomes achievable by individual developers, who are then able to publicly share those verifications with the community at large.


The Reproducible Builds project fixes toolchains and code so that binaries can be independently verified as the result of compiling the published source code. Without a verified connection between source code and binary software, toolchains become a tempting target for injecting exploits, subverting many of the strengths of Free/Libre Open Source Software.

This talk will briefly introduce the history behind the problem and move on to demonstrate why reproducibility matters, common issues and fixes, and tools used to identify and troubleshoot issues, moving towards reproducibility as a set of best practices when developing and improving software.
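As an added illustration of the "common issues and fixes" mentioned above (example code written for this page, not from the talk or the Reproducible Builds project), the script below builds the same constructed source tree on two simulated builders with different checkout times. The naive archive differs between them, so neither party can confirm the other's result; the second build pins entry order, timestamps (using the SOURCE_DATE_EPOCH convention), ownership and the gzip header, so both builders publish the same digest.

```python
import gzip, hashlib, io, os, tarfile, tempfile

# Constructed sample source tree and build date (stand-ins, not a real project).
SOURCE_TREE = {"src/main.c": b"int main(void) { return 0; }\n", "README": b"demo\n"}
SOURCE_DATE_EPOCH = 1_500_000_000  # timestamp convention used by Reproducible Builds

def checkout(mtime):
    """Stand-in for a fresh checkout on one builder: same bytes, builder-specific mtimes."""
    root = tempfile.mkdtemp()
    for rel, data in SOURCE_TREE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (mtime, mtime))
    return root

def build_naive(root):
    """Unreproducible: walk order, file mtimes, ownership and gzip mtime leak into the output."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for dirpath, _, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                tar.add(path, arcname=os.path.relpath(path, root))
    return buf.getvalue()

def build_reproducible(root):
    """Reproducible: sorted entries, pinned mtime/owner/mode, zeroed gzip header mtime."""
    paths = sorted(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in paths:
            info = tar.gettarinfo(path, arcname=os.path.relpath(path, root))
            info.mtime = SOURCE_DATE_EPOCH       # no build-time timestamps
            info.uid = info.gid = 0              # no builder-specific ownership
            info.uname = info.gname = ""
            info.mode = 0o644                    # no umask-dependent permissions
            with open(path, "rb") as f:
                tar.addfile(info, f)
    return gzip.compress(buf.getvalue(), mtime=0)  # gzip header carries no clock value

def independently_verified(build):
    """Two builders build the same source; verified only if their digests match bit for bit."""
    digests = {hashlib.sha256(build(checkout(t))).hexdigest()
               for t in (1_600_000_000, 1_700_000_000)}
    return len(digests) == 1
```

Running `independently_verified(build_naive)` returns False while `independently_verified(build_reproducible)` returns True; in practice the differing bytes would be inspected with a tool such as diffoscope rather than just compared by digest.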


security, best-practices

Speaking experience

This talk will be a variation of the last several I've given in the past year, focusing on the best practices and security concerns addressed by reproducible builds.

I've given links to several of the talks with video and slides below:

LibrePlanet 2017: Verifying Software Freedom with Reproducible Builds

Embedded Linux Conference 2017: The Reproducible Build Zoo

SeaGL and Scale 15x: Introduction to Reproducible Builds

Debconf 16: The Many ARMed Monster of Reproducibility