Tossing grenades over the wall: Ensuring the sustainability of our tech through Reproducible Builds
Can you imagine pushing a code update to a "smart" lightbulb without knowing what has been changed? How about a vehicle's brakes? What about a nuclear reactor…?
The usual motivation behind "reproducible" builds is to ensure that no malicious flaws have been injected during the build process. Adopting them can prevent machine compromise, blackmail and compliance mistakes by ensuring that identical binaries are always generated from a given source.
However, reproducible builds will also become essential to ensure the long-term sustainability of the technology underpinning our civilisation. They do this not only by reducing deployment risk: in an age increasingly concerned with compliance and licensing issues, they also provide a means to audit the technology behind our society and thus ensure the long-term sustainability of our infrastructure.
This talk explains how and why this is a vital and long-overdue topic for anyone interested in a positive future of software engineering.