42:["$","div",null,{"className":"px-4","children":[["$","h2",null,{"className":"mb-4 text-sm font-medium text-balance text-muted-foreground tabular-nums","children":[0," comments"]}],["$","$L44",null,{"comments":[{"item":{"id":48238109,"type":"comment","by":"rlt","time":1779467288,"title":"$undefined","url":"$undefined","text":"Nit: there’s nothing “cryptographic” about reproducible builds.

“Reproducible build” already usually implies bit-by-bit reproducibility.","score":"$undefined","descendants":"$undefined","kids":[48241040,48239156,48238583],"parent":48237288,"dead":false,"deleted":false},"children":[{"item":{"id":48241040,"type":"comment","by":"illiac786","time":1779480983,"title":"$undefined","url":"$undefined","text":"“The reproducibility is cryptographically verifiable with hashes“ would be the full sentence, but it’s a mouthful.","score":"$undefined","descendants":"$undefined","kids":[48244045,48242416],"parent":48238109,"dead":false,"deleted":false},"children":[{"item":{"id":48244045,"type":"comment","by":"pabs3","time":1779504025,"title":"$undefined","url":"$undefined","text":"Build reproducibility checks usually use bitwise comparison, not hash comparison.

The Reproducible Builds project also wrote diffoscope, which goes quite far with helping identify where differences occur and how to fix them.

https://reproducible-builds.org/\nhttps://diffoscope.org/\nhttps://try.diffoscope.org/","score":"$undefined","descendants":"$undefined","kids":[48245819],"parent":48241040,"dead":false,"deleted":false},"children":[]},{"item":{"id":48242416,"type":"comment","by":"dekhn","time":1779488699,"title":"$undefined","url":"$undefined","text":"yes, but it's still not cryptological, it's just verification using hashes.","score":"$undefined","descendants":"$undefined","kids":[48242551],"parent":48241040,"dead":false,"deleted":false},"children":[]}]},{"item":{"id":48239156,"type":"comment","by":"dempedempe","time":1779472601,"title":"$undefined","url":"$undefined","text":"I meant with Nix you're comparing hashes. With Docker, you're using pinned versions","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":48238109,"dead":false,"deleted":false},"children":[]},{"item":{"id":48238583,"type":"comment","by":"bt1a","time":1779469628,"title":"$undefined","url":"$undefined","text":"i thought it mainly implied architectural/hardware compatibility and deterministic output","score":"$undefined","descendants":"$undefined","kids":[48242795],"parent":48238109,"dead":false,"deleted":false},"children":[{"item":{"id":48242795,"type":"comment","by":"aidenn0","time":1779491770,"title":"$undefined","url":"$undefined","text":"Nix mostly does not guarantee deterministic output. It rather guarantees deterministic inputs, and then sandboxes the system to inhibit the build from accessing the outside world.

Deterministic inputs do not always imply deterministic outputs.","score":"$undefined","descendants":"$undefined","kids":[48244052],"parent":48238583,"dead":false,"deleted":false},"children":[]}]}]},{"item":{"id":48238605,"type":"comment","by":"pimeys","time":1779469734,"title":"$undefined","url":"$undefined","text":"Nix is also great at work. You keep the server nix code in the same repo and OpenCode can just change and test server config.","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":48237288,"dead":false,"deleted":false},"children":[]}],"op":"dempedempe"}]]}]

0 comments

0 comments