As in the past 3 years, I joined the r-b summit where many people interested in reproducible builds met.
There were several participants from companies, including Microsoft, Huawei and Google.
Also some researchers from universities that work on tools like DetTrace, tuf and in-toto.
But the majority still came from various open-source projects – with Fedora/RedHat being notably absent.
We had many good discussion rounds, one of which spawned my writeup on the goal of reproducible builds
Another session was about our wish to design a nice interface, where people can easily find the reproducibility status of a package in various distributions. I might code a Proof-of-Concept of that in the next weeks (when I have time).
I also got some help with java patches in openSUSE and made several nice upstream reproducibility fixes – showing some others how easy that can be.
This whole event also was good team-building, getting to know each other better. This will allow us to better collaborate in the Future.
Later there will be a larger report compiled by others.