Arch Linux now has a bit-for-bit reproducible Docker image

76 points by Foxboron


pbsds

Congratulations!

miro

Great job everyone!

sammko

What's the bootstrap starting point for this? Checking the docs, it assumes a running Arch installation, does it then assemble binary packages from the repositories into a docker image?

I'm struggling to understand the purpose of this. If I trust the Archlinux maintainers I don't have to bother with this, I can just check a signature. If I don't trust the Archlinux maintainers, I can't trust the repositories nor the host installation I'm doing this under.