Ok. Let's stop the efforts into patching toolchains. We only need cloudseal to make sure software is reproducible.
Here is the catch: How do we bootstrap cloudseal in a reproducible fashion. We don't have cloudseal to do so. So we either can't reproduce cloudseal, because we have neglected to patch the toolchains it quite possibly it depends on, or we can reproduce cloudseal! But this is most likely because of the reproducible builds effort.
I would like to evaluate the solution it tries to solve. But the technical details but the lack of any code backing this effort and the spare details makes it somewhat hard. No information if the product is Open-Source as well.
>in our initial experiments we’ve achieved 100% reproducibility for over ten thousand unmodified Debian packages
Yes. Debian is currently doing this on all their packages where 96% is reproducible. How was this test done? What packages did they pick? Unreproducible ones, reproducible ones?
Ok. Let's stop the efforts into patching toolchains. We only need cloudseal to make sure software is reproducible.
Here is the catch: How do we bootstrap cloudseal in a reproducible fashion. We don't have cloudseal to do so. So we either can't reproduce cloudseal, because we have neglected to patch the toolchains it quite possibly it depends on, or we can reproduce cloudseal! But this is most likely because of the reproducible builds effort.
I would like to evaluate the solution it tries to solve. But the technical details but the lack of any code backing this effort and the spare details makes it somewhat hard. No information if the product is Open-Source as well.
>in our initial experiments we’ve achieved 100% reproducibility for over ten thousand unmodified Debian packages
Yes. Debian is currently doing this on all their packages where 96% is reproducible. How was this test done? What packages did they pick? Unreproducible ones, reproducible ones?
A lot of questions in general.