# What do you want to talk about?

- learn more
- learn more about reproducible builds


# BoF agenda

- recap of architecture
- Q & A
- state of implementation


# new ideas

- Debian packaging repository might not correctly reflect the source package
  in the archive, we might want to check that.


# problems

- What about release time: the normal release frequency isn't maintained


# code

https://salsa.debian.org/reproducible-builds/transparency


# literature

- More detailed description of this proposal (a little outdated):
  https://arxiv.org/pdf/1711.07278

- Mathematical foundations, trade-off between centralised an distributed designs:
  "Transparency overlays and applications"
  http://discovery.ucl.ac.uk/1530760/1/transparency.pdf

- A distributed design:
  "Contour: A Practical System for Binary Transparency"
  https://arxiv.org/pdf/1712.08427

- Further work on software distribution security:
  Chainiac: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-nikitin.pdf
  In-Toto: https://in-toto.github.io/