This is an important milestone for the project

Feb 16, 2015 13:46 GMT

Debian developers have just announced that 83.5% of all source packages in sid main can be rebuilt reproducibly, which is actually a huge percentage.

Now you're wondering what these reproducible builds are and how they affect the regular user. Well, if you're just a regular Debian user, you're not going to have to deal with this feature. If you're a developer, however, then things might become a little bit more interesting. You can now check to see if a binary provided by the distro is actually built from the source package. This is very important, especially from a security point of view.

It's also very useful to be able to build older versions of a package long after it has been updated. Let's say that you need to fix a bug reported for a package that's actually a year old. That package has been updated lots of times in the past year, but you need to reproduce it in that state in order to check if the bug is exhibited in the way described by the user.

The goal for Debian is 100%

Even if 83.5% seems like a lot, the Debian developers don't want to stop here. They are trying to push that percentage to 100% and they are quite confident that they will be successful in their endeavor.

"We have been making great progress recently; after more than a year of work, we are proud to announce that we found 83.5% of all source packages in sid main can be rebuilt reproducibly! The current result has mostly been achieved via experimental changes in toolchain packages available from a dedicated repository. So far, more than 2,000 'unreproducible' packages have been investigated. Several core (e.g. linux) and other packages have already received patches to make them build reproducibly," wrote the developers on the official mailing list.

Reproducible builds for Debian are still young and it will take quite a while until we see some tangible results for this project, but it's nice to know that they are making some good progress.

Debian Mailing List