We're starting a sprint to look at all the issues preventing #ReproducibleBuilds in all the apps we ship. Most of the issues are simple fixes in the upstream code, like unsorted outputs or timestamps included in the build.
You can help make the #FreeSoftware #Android ecosystem be more reproducible! See the failures here and help us report them upstream: verification.f-droid.org/faile

@fdroidorg You might want to mention that unlike the rebuilders run by e.g. @IzzyOnDroid, which verify APKs built and published by upstreams, in a build environment customised for that, your linked verification server reproduces F-Droid's builds (which may be patched), using F-Droid's build environment. That's kind of important when you're going to report issues upstream.

@obfusk @fdroidorg @IzzyOnDroid I agree it is important to mention when there are patches, and the build environment is also often relevant. We use a minimal Debian/stable build environment both in CI containers and in production VMs to provide as neutral a build environment as possible. Plus we also like that it is the most reproducible base OS that is currently feasible to use for Android builds.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
