Hello; Just thought I¡d share this link I came up with:
https://reproducible-builds.org The subject is somewhat controversial; making a reproducible build involves effort and is unlikely to add value to the end product. Still there are interesting issues though. The main question is: do the checksums we generate actually have a meaning? Can people downloading the source code actually rebuild the application and obtain the same checksum we are asking them to trust? Proponents of reproducible builds mention the case of tainted toolchains, like the trojanized SDK that recently hit a mobile AppStore. The website is full of interesting tools but one reference that caught my eye was Google’s Bazel: http://bazel.io Bazel is a new build system that offers both speed and reproducibility: it supports Java, C++, ObjC, and is under an Apache License. Big stopper: no Windows support (yet). Just something to thin about. I see many issues in our current buildbots that are difficult to address but spending time in the build system is something the we generally (but wrongly) assume is not worthy of spending developer time on it. Cheers, Pedro. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
