Securing open-source package ecosystems by originating, validating, and augmenting build attestations.

OSS Rebuild aims to apply reproducible build concepts at low-cost and high-scale for open-source package ecosystems.

Rebuilds are derived by analyzing the published metadata and artifacts and are evaluated against the upstream package versions. When successful, build attestations are published for the upstream artifacts, verifying the integrity of the upstream artifact and eliminating many possible sources of compromise.

• Introducing OSS Rebuild: Open Source, Rebuilt to Last @ Simon Willison’s Weblog.

Simple, secure, and reproducible packaging for AI/ML projects.

KitOps is an open source DevOps tool that packages and versions your AI/ML model, datasets, code, and configuration into a reproducible artifact called a ModelKit. ModelKits are built on existing standards, ensuring compatibility with the tools your data scientists and developers already use.

• KitOps @ GitHub.

A new model for Nix binary substitutions.

Trustix is a tool that compares build outputs for a given build input across a group of independent providers to establish trust in software binaries.

• Trustix @ GitHub.

Related contents:

• Is NixOS truly reproducible? @ Julien Malka aka luj.

Fast, Declarative, Reproducible and Composable Developer Environments using Nix.

• devenv @ GItHub.

An opinionated guide for developers wanting to get things done with the Nix ecosystem.

The Nix ecosystem is a DevOps toolkit to achieve reproducible development environments.

nix @ GitHub

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.

Linux OS distribution based on Nix package manager, providing reproducible builds and deployments.

Related content:

• Nix - Death by a thousand cuts @ Jono's Corner.
• I Think It's Time to Give Nix a Chance @ maych.in.