Reproducible Builds Joins Conservancy
Receives $300,000 Donation from Handshake
November 8, 2018
We are very excited to announce the Reproducible Builds project as our newest member project. Reproducible builds is a set of software development practices that create an independently-verifiable path from the source code to the binary code used by computers. This ensures that the builds you are installing are exactly the ones you were expecting, which is critical for freedom, security and compatibility. It also exposes backdoors injected by compromising build servers or by coercing developers through political or violent means.
The Reproducible Builds project, which began as a project within the Debian community, joins our other adjacent work around this distribution, such as the Debian Copyright Aggregation Project. Reproducible Builds is also critical to Conservancy's own compliance work: a build that cannot be verified may contain code that triggers different license compliance responsibilities than those which the recipient is expecting. Unaccounted-for code makes it hard for anyone who distributes software to guarantee that they are doing so responsibly and with care for those who receive the software.
The Reproducible Builds project is already working with many crucial and well-known free software projects such as Coreboot (also a Conservancy project!), OpenSUSE, OpenWrt, Tails, GNU Guix, bootstrappable.org, FreeBSD, Arch Linux and Tor. In the past, the Core Infrastructure Initiative generously funded work on the project, but this has since ceased. The work has continued in the meantime thanks to the contributions of volunteers. As Reproducible Builds joins Conservancy, it is also receiving a donation of $300,000 from the Handshake Foundation which will propel the project's efforts to ensure the future health and usability of free software.
Karen Sandler, Executive Director of the Software Freedom Conservancy, says, "The work being done at Reproducible Builds is critical for both the trust and long-term sustainability of free software projects. We're proud to be able to support the project behind this set of practices which we hope will eventually be adopted by the wider free software community."
Holger Levsen, who will chair the project's Steering Committee, along with Bdale Garbee, Allen Gunn, Mattia Rizzolo, Keith Packard, and Stefano Zacchiroli, says, "I'm very happy that Reproducible Builds has become a Conservancy project and am much looking forward to seeing the results of this cooperation and the long-term effects on the free software ecosystem. Reproducible Builds is on a long-term mission to change the way Free Software is distributed and used and I'm glad we have a strong partner who shares our vision and has ties into the wider community."
Chris Lamb, the current Debian Project Leader and long-time contributor to the Reproducible Builds effort, references freedom #2 of the Free Software Foundation's Four Freedoms when talking about the importance of trust when sharing software: "Are you really helping your neighbour if you distribute trojanned or otherwise compromised software?"
Conservancy, a public charity focused on ethical technology, is home to over fifty member projects dedicated to developing and promoting free and open source software. Conservancy acts as a corporate umbrella, allowing member projects to operate as non-profit initiatives without having to manage their own corporate structure and administrative services.