'Re: [qubes-devel] Deterministic builds for Qubes OS -- the shortcut?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Deterministic builds for Qubes OS -- the shortcut?
From:       Wojtek Porczyk <woju () invisiblethingslab ! com>
Date:       2015-12-23 22:39:53
Message-ID: 20151223223953.GY1543 () invisiblethingslab ! com
[Download RAW message or body]


On Tue, Dec 22, 2015 at 07:54:17PM +0100, HW42 wrote:
> Eric Shelton:
> > Given the discussion of piggybacking off of Debian's efforts at 
> > implementing reproducible builds (however soon they may be available for 
> > use in the Qubes build process), does that mean there is a plan to 
> > transition away from Fedora to Debian as the base on which Qubes is built? 
> > I have no complaints with going in that direction (Fedora's release cycles 
> > seem to introduce unnecessary friction) - just interested where things are 
> > headed.

On the summit we received much help from Debian community, and it was
that kind of help which is really helpful, because it was mostly
unrelated to distribution, but more about specific tools like compilers.
The is in constrast to Fedora community, which was nearly absent from
the summit and it is my feeling that they don't treat the subject
seriously enough.

About transition, there is no decision. I can only say we are quite
annoyed with Fedora lately because of several reasons, so we consider
our options. Our current state of internal, face to face discussion
boils to those points:

- We will always have Fedora template as one of options, we basically
  don't care much about what goes there and we welcome all distros and
  OSes, including BSD and Windows.
- It would be much effort to transition dom0 from Fedora to Debian. It
  already is hard to upgrade Fedora from 20 to 23 (mainly because we
  would have to rewrite WM plugins, which draw those colourful titlebars).
- There will be also much effort to make GUI domain, which most probably
  will be based on Fedora (and not Debian) because of drivers. [1]
- Once we move the graphics subsystem out of dom0, the amount of work to
  change distro in dom0 will be probably much smaller.
- We wouldn't like to do 2x big effort, only 1x big and 1x small, but:
- Fedora 20 is already old and unsupported anyway and each year it
  becomes more obsolete anyway, so something has to be done anyway.
- We see several distros which can be considered, but I can't say which
  and why.
- There are other efforts which are already more pressing. I for one
  would like to finish core3, which hopefuly will be merged in
  January/February.

I'm afraid that's all I can send unencrypted. :) I'd obviously welcome
any comments, but primarily we are thankful for patches, particulary
your work around GUI passthrough.


[1] C. f. sys-net, which will *probably* (don't quote me on that) by
default remain as Fedora, however we know that many people successfuly
run it as Debian.


> I can't answer your question. But I want to note that for the discussed
> problem (How to get the Qubes specific components reproducible?) this is
> nearly irrelevant (Ok the rpm patches aren't ready yet but this is a
> very small problem (as long you don't care about upstream)).

Right, but we ultimately would like to have whole ISO to be somehow
reproducible. That would require templates to be built reproducibly...
If Fedora template would be the last thing that will be unreproducible
and we won't have enough support from upstream (as opposed to Debian
community, which I find very friendly and helpful), we reserve our
option (of course, only hypothetically, as a shourtcut etc.) to for
example release Debian (and Whonix) -only ISO, which will be
reproducible, and "the other" ISO with Fedora.


-- 
Merry Christmas,                _.-._
Wojtek Porczyk               .-^'   '^-.
Invisible Things Lab         |'-.-^-.-'|
                             |  |   |  |
 I do not fear computers,    |  '-.-'  |
 I fear lack of them.        '-._ :  ,-'
    -- Isaac Asimov             `^-^-_>

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20151223223953.GY1543%40invisiblethingslab.com.
 For more options, visit https://groups.google.com/d/optout.


[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic