Reproducible Builds Joins Conservancy

Receives $300,000 Donation from Handshake

November 8, 2018

We are very excited to announce the Reproducible Builds project as our newest member project.
Reproducible builds is a set of software development practices that create an
independently-verifiable path from the source code to the binary code used by computers. This ensures that the
builds you are installing are exactly the ones you were expecting, which is critical for freedom, security and
compatibility. It also exposes backdoors injected by compromising build servers or by coercing
developers, via political or violent means, to insert them.

The Reproducible Builds project, which began as a project within the Debian community, joins our other adjacent
work around this distribution, such as the Debian Copyright Aggregation Project. Reproducible Builds is also critical to Conservancy’s own compliance work: a build that cannot
be verified may contain code that triggers different license compliance responsibilities
than those which the recipient is expecting. Unaccounted-for code makes it hard for anyone who distributes software
to guarantee that they are doing so responsibly and with care for those who receive the software.

The Reproducible Builds project is already working with many crucial and well-known free software projects
such as Coreboot (also a Conservancy project!), OpenSUSE, OpenWrt, Tails, GNU Guix, bootstrapable.org, FreeBSD,
Arch Linux and Tor. In the past, the Core Infrastructure Initiative generously funded work on the project,
but this has since ceased. The work has continued in the meantime thanks to the
contributions of volunteers. As Reproducible Builds joins Conservancy, it is also receiving a donation of $300,000
from the Handshake Foundation, which will propel the project’s efforts to
ensure the future health and usability of free software.

Karen Sandler, Executive Director of the Software Freedom Conservancy, says, “The work being done at
Reproducible Builds is critical for both the trust and long-term sustainability of free software projects. We’re proud to
be able to support the project behind this set of practices which we hope will eventually be adopted by the wider
free software community.”

Holger Levsen, who will chair the project’s Steering Committee, along with Bdale Garbee, Allen Gunn,
Mattia Rizzolo, Keith Packard, and Stefano Zacchiroli, says, “I’m very happy that Reproducible Builds has
become a Conservancy project and am much looking forward to see the results of this cooperation and the
long term effects on the free software ecosystem. Reproducible Builds is on a long term mission to change
the way Free Software is distributed and used and I’m glad we have a strong partner who shares our vision
and has ties into the wider community.”

Chris Lamb, the current Debian Project Leader and long-time contributor to the Reproducible Builds effort, references
freedom #2 of the Free Software Foundation’s Four Freedoms when talking about the importance of trust when
sharing software: “Are you really helping your
neighbour if you distribute trojanned or otherwise compromised software?”

Conservancy, a public charity focused on ethical technology, is home to over fifty member projects dedicated to
developing and promoting free and open source software. Conservancy acts as a corporate umbrella, allowing
member projects to operate as non-profit initiatives without having to manage their own corporate structure
and administrative services.