FreeBSD 15.0 Aims For Reproducible Builds / Zero-Trust Builds With Fresh Funding

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • phoronix
    Administrator
    • Jan 2007
    • 67332

    FreeBSD 15.0 Aims For Reproducible Builds / Zero-Trust Builds With Fresh Funding

    Phoronix: FreeBSD 15.0 Aims For Reproducible Builds / Zero-Trust Builds With Fresh Funding

    The FreeBSD Foundation has begun receiving funding to work on zero-trust builds / reproducible builds. The work will hopefully be wrapped up in time for the major FreeBSD 15.0 release...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
  • sophisticles
    Senior Member
    • Dec 2015
    • 2591

    #2
    The FreeBSD Foundation has begun receiving funding to work on zero-trust builds
    What if you already have zero trust in them, does that mean they don't get the money?

    Also it seems like kind of an odd goal to have, for your builds to have zero trust.

    Wouldn't it make more sense to work towards complete trust builds?

    Comment

    • Volta
      Senior Member
      • Apr 2019
      • 2279

      #3
      Good move. Linux distros should do the same.

      Comment

      • jaypatelani
        Senior Member
        • Apr 2019
        • 192

        #4
        Nice to see them work. NetBSD has this long ago all OS should have this

        Comment

        • Espionage724
          Senior Member
          • Sep 2024
          • 356

          #5
          Cool

          Comment

          • cen1
            Senior Member
            • Aug 2016
            • 378

            #6
            Excellent news! Reproducible builds seem to be steadily advancing each year, bright spot in OSS.

            Comment

            • irusensei
              Junior Member
              • Aug 2024
              • 7

              #7
              Who is going to bet people will edit /etc/make.conf and then complain binaries don't match?

              Comment

              • rb777
                Junior Member
                • Aug 2020
                • 14

                #8
                It's been building as reproducible already. I use WITH_REPRODUCIBLE_BUILD=1 in /etc/src.conf for 14.2 as with -CURRENT we only have WITHOUT_REPRODUCIBLE_BUILD:


                We also need ports to be like this.

                I don't need root to build world & kernel, just be the owner of /usr/src & /usr/obj

                Comment

                • skeevy420
                  Senior Member
                  • May 2017
                  • 8638

                  #9
                  That's rather funny since just the other day I was ranting about how it doesn't matter what license a project uses as long as there's a way for others to rebuild the system to prove that everything is on the up and up.

                  sophisticles God damn do FOSS people suck when it comes to naming things. Zero-Trust Builds sounds like it accomplishes the opposite of what it's supposed to do and is how I'd describe Corporate Linux Distributions like RHEL and Ubuntu.

                  Does Ubuntu have any distribution that acts like Rocky, Alma, and Liberty does to RHEL? One that rebuilds the Ubuntu repositories instead of piggybacking them like Mint or System76?

                  Comment

                  • Luke_Wolf
                    Senior Member
                    • Jun 2011
                    • 2808

                    #10
                    Originally posted by skeevy420 View Post
                    That's rather funny since just the other day I was ranting about how it doesn't matter what license a project uses as long as there's a way for others to rebuild the system to prove that everything is on the up and up.

                    sophisticles God damn do FOSS people suck when it comes to naming things. Zero-Trust Builds sounds like it accomplishes the opposite of what it's supposed to do and is how I'd describe Corporate Linux Distributions like RHEL and Ubuntu.

                    Does Ubuntu have any distribution that acts like Rocky, Alma, and Liberty does to RHEL? One that rebuilds the Ubuntu repositories instead of piggybacking them like Mint or System76?
                    Zero Trust isn't a FOSS naming thing, your instincts are right it's a corporate naming thing which is meant to convey not having to have a Trusted Computing Base except it's mostly nonsense and a bunch of marketing and semantics games much like every other corporate-speak word.

                    Comment

                    Working...
                    X