#76 End-to-end supply chain security
Opened 7 months ago by jzerebecki. Modified 5 months ago

This is not a feature request, so it doesn't need to be reviewed. It is a place to note and link all the ideas for end-to-end supply chain security.

While this will be thought up in terms of ALP, some of it might be applicable earlier. No promises either way.

https://en.opensuse.org/openSUSE:Reproducible_Builds


Interesting, we'll discuss it today on the meeting.

Metadata Update from @lkocman:
- Issue set to the milestone: ALP

6 months ago

Exit criteria:

This could be closed after the planning is done.
We know what needs to be implemented in zypper, we know what should be implemented in OBS. This is a public tracker for progress on these items.

Metadata Update from @lkocman:
- Custom field SUSE Jira - SUSE Linux Enterprise adjusted to https://jira.suse.com/browse/ALPGW-6

6 months ago

This is impossible to implement. The OBS part alone would require changing fundamentally how it works, since we'd need to preserve the build environments of every build like Koji does.

I do not see any fundamental change being necessary. OBS preserves the build environment of every build in the _buildenv file.

Login to comment on this ticket.

Metadata