===== Beyond Trusting Open Source Software: Reproducible Builds =====

  * **Speaker**: Vagrant Cascadian
  * **Room**: CC 203
  * **Time**: Sun 3:00 pm – 3:30 pm
  * **Format**: Lecture (30 Min + Q&A)
  * **Difficulty**: Some experience required
  * **Track**: Security / Privacy
  * **Additional Tags**: Development & Dev Tools, OSS Distributions
  * **Presenter Location**: In-person
  * **Experience**: umpteenth time speaking
  * **At**: anywhere

==== Description: ====

Open‑source software offers transparency, community collaboration, and the ability to inspect source code — but most users never interact with the source. Instead, they download **precompiled binaries**, which are effectively opaque. Even if the source is trustworthy, how can we be sure the binary actually matches it?

**Reproducible Builds** provide the missing link: a way for independent parties to verify that a given binary is *exactly* the result of building the published source code, bit‑for‑bit. This dramatically strengthens the security model of open‑source software by replacing blind trust with verifiable integrity.

This talk introduces:

  * The core concepts behind Reproducible Builds
  * Best practices for developing and releasing reproducible software
  * Tools for diagnosing non‑reproducibility
  * The broader ecosystem effort to solve a decades‑old, pervasive security issue

Attendees will learn how reproducibility enhances trust, how to adopt reproducible practices in their own projects, and how this movement is reshaping the future of secure software distribution.

**Target Audience:**

  * Sysadmins
  * Developers
  * Security‑minded open‑source contributors