11-09, 19:25–19:45 (UTC), Room 3
Why everyone should do reproducible builds and how can package managers help in getting there.
Distributors and users alike are worried these days about supply chain attacks as those on SolarWinds.
For FLOSS developers, reproducible-builds is an easy way to let people verify that the published packages indeed correspond to their public sources.
This presentation will answer the Why? What? and How?
Bernhard M. Wiedemann is a software developer and sysadmin, since 2016 working at SUSE on reproducible builds. He wrote over 600 patches for various projects, including rpm and python setuptools.
In earlier times he managed OpenStack clouds, wrote the openQA OS-testing tool and the long obsolete translucency filesystem overlay for Linux-2.4