Izzy1d ago

You often see us reporting our RB status, and might wonder what's so important about #ReproducibleBuilds – want a recent example? Take a look at https://web.archive.org/web/20260402133949/https://github.com/Nekogram/Nekogram/issues/336 – and the POC at https://github.com/RomashkaTea/nekogram-proof-of-logging

In short: Release APK was built from different code, including a logger to catch all phone numbers contacted. Oh, and the dev thinks that's fine (https://t.me/NekoUpdates/531).

RB would have failed for that app, and shown the diff.

Stay safe out there!

(1/2)

[Spyware, Malicious code] Malicious Code Injection and User Data Leaking in Release Binaries · Issue #336 · Nekogram/Nekogram

Steps to reproduce Install and login to your telegram account Now your phone number belongs to Xi Jinping... jk. to Nekogram creator Expected behaviour Not leaking phone numbers Actual behaviour Ma...

GitHub
Freax2d ago
Lucas Nussbaum announced the availability of debaudit, a new service which verifies the integrity and reproducibility of Debian source packages and complements the work of the Reproducible Builds project. lists.debian.org/debian-devel-… #debian #reproducible-builds micronews.debian.org/2026/1774…
debaudit: a new service to verify the reproducibility of Debian source packages

Alex OberhauserMar 27

New guide on getnix.io — "What is Nix?"

A beginner-friendly intro to what Nix actually is, how it differs from Docker/Homebrew/Apt/Ansible, and the core concepts you need before diving in. If you've ever wondered why people keep talking about Nix, this one's for you.

https://getnix.io/guides/what-is-nix/

#Nix #NixOS #Linux #macOS #DevOps #ReproducibleBuilds #PackageManagement

What is Nix?

A practical introduction to Nix — what it does, why it exists, and the core concepts you need before diving into real projects.

Bastien Guerry 🧢Mar 19

What's if you could ~$ git clone SWHID?

"You’d end up with git clone as a content-addressed fetch primitive rather than just a URL fetch, which is an interesting building block for reproducible builds and supply chain verification."

A nice write-up by @andrewnez on git remote helpers 👉 https://nesbitt.io/2026/03/18/git-remote-helpers.html

#Git #SWHID #ReproducibleBuilds

Git Remote Helpers

Git can talk to anything if you write the right helper.

Andrew Nesbitt
knoppixMar 11

Fedora Linux 44 Beta is out, bringing installer polish, modernized desktops, and updated dev tooling. 🧩

Highlights: improved Anaconda networking, new KDE login/setup, Budgie and Games Lab on Wayland, plus big stack bumps like Go 1.26, MariaDB 11.8, Helm 4, Ansible 13, and TeXLive 2025. 🛠️

@fedora

🔗 https://fedoramagazine.org/announcing-fedora-linux-44-beta/

#TechNews #Linux #Fedora #OpenSource #Beta #KDE #Wayland #DevOps #SysAdmin #Security #ReproducibleBuilds #GNULinux #Desktop #Servers #FOSS

Announcing Fedora Linux 44 Beta - Fedora Magazine

Download the Fedora Linux 44 Beta today. Test new installer features and the latest software across all Fedora editions.

Fedora Magazine
Reel TubesMar 10
Don't miss the Day 2 afternoon sessions from NixCon 2020 — deep dives into reproducible builds, NixOS workflows, tooling, and lively community talks. Ideal for Nix users and anyone curious about reproducible dev environments. Inspiring tech + community vibes! #NixCon #NixOS #ReproducibleBuilds #DevOps #OpenSource #Conference #English
https://peertube.parenti.net/videos/watch/cd4430ab-73d1-4566-b24a-3ff9d172b03f
NixCon 2020 — Day 2 Afternoon

PeerTube
Stewart X AddisonMar 4
I appreciate all the technicalities surrounding it but it would be great if ccache had a mode where it could ensure that the objects that came out of it were binary identical with ones that didn't use ccache from a #ReproducibleBuilds perspective ...
I wonder if such a thing is feasible ...
Show threadIzzyMar 1

(2/2) those included 22 #ReproducibleBuilds – of which 6 failed:

* 3 because of not adhering to the "first basic rule": to build the APK from the tagged commit 🙈
* 2 because of failed libraryStripping (so we needed to find the matching NDK and install that for them
* 1 not yet fixed as we could not yet figure the cause

Repairs took me 3+ hours. Easily avoidable. Dear devs, please see our RB hints 4 you, and help us saving time for other important tasks:

https://izzyondroid.org/docs/reproducibleBuilds/RBDevHints/

#IzzyOnDroid

RB Hints for Developers - IzzyOnDroid

some hints for developers who want their app to become/stay reproducible

vascorsdFeb 28

Debugging Reproducibility Issues in Rust Software

https://notes.8pit.net/notes/iqfs.html

#guix #nix #reproducibleBuilds #rust #programming

Debugging Reproducibility Issues in Rust Software

nmeumFeb 28

There is a fun footgun related to compile-time code generation using procedural macros in Rust: if the macro has non-deterministic behavior, then the build process of any crate using it is not reproducible.

Here's a little write-up explaining how I uncovered such an issue in the hashify crate while trying to package Rust software for Guix: https://notes.8pit.net/notes/iqfs.html

#Guix #Rust #reproducibility #ReproducibleBuilds

Debugging Reproducibility Issues in Rust Software