This is a publication as part of my PhD on the impact of Nix on software supply chain security and in particular it focuses on studying the proportion and evolution of bit-by-bit reproducible packages in nixpkgs.
I invite curious readers to read the paper directly, but I also summarized the key takeaways of the article in a blog post.
@JulienMalka Kind of OT, but what led you to use this way of phrasing the title, rather than a perhaps more traditional “Functional package management enables reproducible builds at scale”?
Just curious, I like the title, it’s a bit catchier I guess
Congrats on publishing your findings! I got the link for FOSDEM but this deserves more advertising.
One question: you checked for bitwise reproducibility with nix build --check. Does that compare the build and its reference bit per bit?
Hi Julien, I was sorry to miss this talk at FOSDEM, but my colleague went and thought it was very interesting! I loved the fact that you found a regression in pip as a result of the work.