14 DAY TRIAL // Debian's Jérémy Bobbio came with the proposal of introducing reproducible builds for all of the software packages (over 22,000) available in the software repositories of the Debian GNU/Linux operating system to get a verifiable path from source to binary.
The proposal came after Edward Snowden revealed the fact that the Central Intelligence Agency (CIA) compromised the build process of Apple's binaries by injecting backdoors during compilation without the developers' knowledge.
As you might know, Apple uses DEB packages for their iOS mobile operating system running on iPhone, iPad, and iPod touch devices. Therefore, to prevent such "attacks," the Debian Project is currently working hard to implement reproducible builds.
The reproducible builds will make it possible for anyone to reproduce the entire build process of the respective software packages, thus revealing the fact that the binary has been modified if it is not byte for byte identical to the one made publicly available.
"The idea is to get reasonable confidence that a given binary was indeed produced by the source," said Jérémy "Lunar" Bobbio. "We want anyone to be able to produce identical binaries from a given source."
Many Open Source projects are adopting reproducible builds
At the moment, the Debian developers managed to implement reproducible builds for approximately 83 percent of the GNU/Linux operating system's packages, and they will be enabled by default for each binary pushed to the project's repos.
In addition to Debian, which is the world's largest free software project, many other Open Source projects are adopting reproducible builds, including the famous OpenWrt, FreeBSD, and NetBSD.
It is a known fact that software projects like TOR and Bitcoin are already using reproducible builds, and in the near future, we will see more and more free software adopting this method for compiling binaries from a trusted source. Watch the video below for more details!