Context:

Reproducible builds ensure software can be rebuilt in an identical, bit-for-bit manner anywhere at any time using the same tools. This means that someone rebuilding the software from the same source code will get exactly the same results.

Why is this important? Because it’s a crucial aspect for supply-chain security.

Source: https://news.opensuse.org/2025/02/18/rbos-project-hits-milestone/

  • Fisch · 2 days ago · 2 upvotes

    Why tho? I’m a software developer but I don’t do much with build systems. With the same source code, shouldn’t the resulting binary always be the same too?

    • atzanteol@sh.itjust.works · 2 days ago · 5 upvotes

      You need the same source code, the same exact build tools, the same exact libraries that it depends on, and the same exact OS. Additionally every single build has to be reproducible - so not including in its output, say, the build date/time or any information about the host that built it. Now you need to repeat that for thousands of packages.

    • ugo@feddit.it · 2 days ago · 3 upvotes

      Not necessarily. Timestamps, file paths, and other environment metadata can easily sneak into an executable and make a program not build reproducibly
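The two replies above name the usual culprits (build time, host name, build path, dependency metadata). Here is an added, stand-alone illustration of exactly that; it is not code from the linked openSUSE article, from any commenter, or from any real build tool. A toy "build" packages a constructed three-file source tree into a .tar.gz. The naive variant records when, where and by whom it ran, so two honest builds of the same source differ byte for byte; the other variant normalises all of that the way tools honouring SOURCE_DATE_EPOCH do (fixed timestamps, sorted entry order, no absolute paths, no user or host identity), so any machine gets the same digest. The source tree, machine descriptions and the epoch value are made up for the example.

```python
"""Added example: why identical source can still give different bytes.

Constructed sample data throughout; no real project or build tool is involved.
"""
import gzip
import hashlib
import io
import tarfile

# Constructed sample source tree: relative path -> file contents.
SOURCE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int util(void) { return 1; }\n",
    "README": b"demo package\n",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _add(tar, name, data, mtime, uname="", gname=""):
    """Append one in-memory file to an open TarFile with explicit metadata."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    info.mtime = mtime          # integer, so no pax extended header is needed
    info.mode = 0o644
    info.uid = info.gid = 0
    info.uname, info.gname = uname, gname
    tar.addfile(info, io.BytesIO(data))


def naive_build(build_dir, build_time, host, user, source=SOURCE):
    """Careless packaging: leaks build time, host, user and absolute path."""
    buf = io.BytesIO()
    # The gzip header itself stores an mtime, so even identical tar bodies
    # would differ if the wrapper is left at "now".
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=build_time) as gz, \
            tarfile.open(fileobj=gz, mode="w") as tar:
        buildinfo = f"built {build_time} on {host} by {user} in {build_dir}\n"
        _add(tar, f"{build_dir}/BUILDINFO", buildinfo.encode(), build_time,
             uname=user, gname="users")
        # Entry order here is dict order; a real build that walks the disk
        # would get readdir order, which also varies between filesystems.
        for path, data in source.items():
            _add(tar, f"{build_dir}/{path}", data, build_time,
                 uname=user, gname="users")
    return buf.getvalue()


def reproducible_build(build_dir, build_time, host, user, source=SOURCE,
                       source_date_epoch=1_700_000_000):
    """Same inputs; everything environment-specific is deliberately ignored.

    build_dir, build_time, host and user are accepted only to show that the
    output does not depend on them.  source_date_epoch is a made-up value
    standing in for the SOURCE_DATE_EPOCH convention (a timestamp derived
    from the source, e.g. the last commit time).
    """
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=source_date_epoch) as gz, \
            tarfile.open(fileobj=gz, mode="w") as tar:
        # Record only source-derived facts: no host, user or path.
        buildinfo = f"source_date_epoch={source_date_epoch}\n".encode()
        _add(tar, "pkg/BUILDINFO", buildinfo, source_date_epoch)
        for path in sorted(source):          # deterministic entry order
            _add(tar, f"pkg/{path}", source[path], source_date_epoch)
    return buf.getvalue()


def contains_plaintext(archive: bytes, needle: bytes) -> bool:
    """True if the decompressed tar stream contains the given bytes."""
    return needle in gzip.decompress(archive)


def compare():
    """Build on two constructed 'machines'; return the digests per strategy."""
    machine_a = dict(build_dir="/home/alice/build", build_time=1_700_000_100,
                     host="laptop", user="alice")
    machine_b = dict(build_dir="/tmp/build-8f2c", build_time=1_700_050_200,
                     host="ci-runner-7", user="ci")
    return {
        "naive": (sha256(naive_build(**machine_a)),
                  sha256(naive_build(**machine_b))),
        "reproducible": (sha256(reproducible_build(**machine_a)),
                         sha256(reproducible_build(**machine_b))),
    }


if __name__ == "__main__":
    for strategy, (digest_a, digest_b) in compare().items():
        verdict = "identical" if digest_a == digest_b else "DIFFERENT"
        print(f"{strategy:13s} {verdict}: {digest_a[:16]}… vs {digest_b[:16]}…")
```

Running it prints one "DIFFERENT" line for the naive archives and one "identical" line for the normalised ones. The same three fixes (pin timestamps to a source-derived epoch, sort inputs, strip build paths and identities) are what real packaging tools apply; a compiler adds its own sources of variation, such as `__DATE__` macros and absolute paths in debug info, which need the same treatment.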