Improving Open Source Security with Reproducible Builds

A great security feature of Open Source software is that the community can audit the source code to catch foul play. However, how can you be sure the binary you downloaded indeed corresponds to the source code that was audited?

This talk will discuss various attack vectors on the build/distribution pipeline and explain how the Reproducible Builds project improves security. Several Linux distributions are working on making their entire pipeline reproducible. We will give an update on the current state of these efforts for Arch and Debian.