What happened in the Reproducible Builds effort between Sunday October 9 and Saturday October 15 2016: Media coverage

• despinosa wrote a blog post on Vala and reproducibility
• h01ger and lynxis gave a talk called "From Reproducible Debian builds to Reproducible OpenWrt, LEDE" (video, slides) at the OpenWrt Summit 2016 held in Berlin, together with ELCE, held by the Linux Foundation.
• A discussion on debian-devel@ resulted in a nice quotable comment from Paul Wise: "(Reproducible) builds from source (with continuous rechecking) is the only way to have enough confidence that a Debian user has the freedoms promised to them by the Debian social contract."
• Chris Lamb will present a talk at Software Freedom Kosovo on reproducible builds on Saturday 22nd October.

Documentation update After discussions with HW42, Steven Chamberlain, Vagrant Cascadian, Daniel Shahaf, Christopher Berg, Daniel Kahn Gillmor and others, Ximin Luo has started writing up more concrete and detailed design plans for setting SOURCE_ROOT_DIR for reproducible debugging symbols, buildinfo security semantics and buildinfo security infrastructure. Toolchain development and fixes Dmitry Shachnev noted that our patch for #831779 has been temporarily rejected by docutils upstream; we are trying to persuade them again. Tony Mancill uploaded javatools/0.59 to unstable containing original patch by Chris Lamb. This fixed an issue where documentation Recommends: substvars would not be reproducible. Ximin Luo filed bug 77985 to GCC as a pre-requisite for future patches to make debugging symbols reproducible. Packages reviewed and fixed, and bugs filed The following updated packages have become reproducible - in our current test setup - after being fixed:

• cobbler/2.6.6+dfsg1-13 by Thomas Goirand, original patch by Chris Lamb.
• collectd/5.6.1-1 by Marc Fournier.
• fonts-tiresias/0.1-3 by G rkan Myczko, original patch by Chris Lamb.
• fntsample/4.0-2 by , original patch by Chris Lamb.
• fpga-icestorm/0~20160913git266e758-2 by Ruben Undheim, original patch by Chris Lamb.
• frog/0.13.5-1 by Maarten van Gompel, original patch by Chris Lamb.
• lambda-align/1.0.0-2 by Sascha Steinbiss, original patch by Chris Lamb.
• pleiades/1.7.0-2 by Hideki Yamane, original patch by Chris Lamb.
• sweethome3d/5.2+dfsg-1 by Markus Koschany, original fix by Gabriele Giacone.
• trac-subtickets/0.2.0-2 by W. Martin Borgert.

The following updated packages appear to be reproducible now, for reasons we were not able to figure out. (Relevant changelogs did not mention reproducible builds.)

• aodh/3.0.0-2 by Thomas Goirand.
• eog-plugins/3.16.5-1 by Michael Biebl.
• flam3/3.0.1-5 by Daniele Adriana Goulart Lopes.
• hyphy/2.2.7+dfsg-1 by Andreas Tille.
• libbson/1.4.1-1 by A. Jesse Jiryu Davis.
• libmongoc/1.4.1-1 by A. Jesse Jiryu Davis.
• lxc/1:2.0.5-1 by Evgeni Golov.
• spice-gtk/0.33-1 by Liang Guo.
• spice-vdagent/0.17.0-1 by Liang Guo.
• tnef/1.4.12-1 by Kevin Coyner.

Some uploads have addressed some reproducibility issues, but not all of them:

• chktex/1.7.6-1 by Thorsten Alteholz, original patch by Sascha Steinbiss.
• dbus/1.10.12-1 by Simon McVittie.
• doomsday/1.15.8-3 by Markus Koschany, #839338 by Lucas Nussbaum.
• emacs25/25.1+1-1 by Rob Browning.
• gpgme1.0/1.7.0-3 by Daniel Kahn Gillmor.
• monkeysign/2.2.0 by Antoine Beaupr .
• python-attrs/16.2.0-1 by Tristan Seligmann, original patch by Chris Lamb.
• shotwell/0.24.0-1 by J rg Frings-F rst, original patch by Alexis Bienven e.
• supple/1.0.6-2 by Daniel Silverstone.
• why/2.36-1 by Ralf Treinen, original patch by Valentin Lorentz.

Some uploads have addressed nearly all reproducibility issues, except for build path issues:

• palo/1.96 by Helge Deller, #778437 by Chris Lamb.
• rbdoom3bfg/1.1.0~preview3+dfsg+git20160807-1 by Tobias Frost.
• singular/4.0.3-p3+ds-1 by Jerome Benoit.
• varnish/5.0.0-3 by Stig Sandbeck Mathisen, original patch by Chris Lamb.
• yaml-cpp/0.5.2-4 by Paul Novotny, original patch by Reiner Herrmann.

Patches submitted that have not made their way to the archive yet:

• #840741 filed against http-icons by Chris Lamb.
• #840177 filed against qconf by Chris Lamb.
• #840845 filed against python-pygraphviz by Chris Lamb.
• #840346 filed against qjoypad by Chris Lamb.

Reviews of unreproducible packages 101 package reviews have been added, 49 have been updated and 4 have been removed in this week, adding to our knowledge about identified issues. 3 issue types have been updated:

• Added max_output_size_reached, ftbfs_due_to_jenkins_semaphore_setup, and build_id_differences_only.

Weekly QA work During of reproducibility testing, some FTBFS bugs have been detected and reported by:

• Anders Kaseorg (1)
• Chris Lamb (18)

tests.reproducible-builds.org Debian:

• h01ger has turned off the "Scheduled in testing+unstable+experimental" regular IRC notifications and turned them into emails to those running jenkins.d.n.
• Re-add opi2a armhf node and 3 new builder jobs for a total of 60 build jobs for armhf. (h01ger and vagrant)
• vagrant suggested to add a variation of init systems effecting the build, and h01ger added it to the TODO list.
• Steven Chamberlain submitted a patch so that now all buildinfo files are collected (unsigned yet) at submit@buildinfo.kfreebsd.eu.
• Holger enabled CPU type variation (Intel Haswell or AMD Opteron 62xx) for i386. Thanks to Profitbricks.com for their great and continued support!

Openwrt/LEDE/NetBSD/coreboot/Fedora/archlinux:

• Increase memory on the 2 build nodes from 12 to 16gb, thanks to profitbricks.com

Misc. We are running a poll to find a good time for an IRC meeting. This week's edition was written by Ximin Luo, Holger Levsen & Chris Lamb and reviewed by a bunch of Reproducible Builds folks on IRC.

What happened in the Reproducible Builds effort between June 19th and June 25th 2016. Media coverage

• Holger Levsen gave a talk at openSUSE Conference 2016 explaining the general idea and status of Reproducible Builds. This talk is available as video recording.
• This was followed by Bernhard Wiedemannn, detailing his work on Reproducible Builds for openSUSE which is also available as video recording:
  • openSUSE uses SOURCE_DATE_EPOCH now too
  • How to create bit-for-bit identical RPMs
  • How strip-nondeterminism is Python and thus unsuitable for the openSUSE base system
• Mozilla awarded $77k to work on reproducible builds for Tails. The goal is to enable anyone (given sufficient technical skills and hardware resources) to rebuild from source a given Tails release, in order to independently verify that it matches the ISO image that was published. A substantial part of this work will be done in Debian: for example, to make the side-effects of some packages' post-installation scripts deterministic. On the longer term, this work should benefit other projects that want to make their own builds reproducible (e.g. operating system images for the cloud and embedded systems, operating system installation media, other Live systems).

GSoC and Outreachy updates

• Valerie Young published a report detailing what she did the last week regarding improving tests.reproducible-builds.org/debian.
• Ceridwen announced reprotest's arrival in the NEW queue and discussed autopkgtest's layout.

Toolchain fixes

• Anton Gladky uploaded an NMU of python-setuptools, which sorts entries in native_libs.txt files (#825857).

Other upstream fixes Emil Velikov searched on IRC for hints on how to guarantee unique values during build to invalidate shader caches in Mesa, when also no VCS information is available. A possible solution is a timestamp, which is unique enough for local builds, but can still be reproducible by allowing it to be overwritten with SOURCE_DATE_EPOCH. Packages fixed The following 9 packages have become reproducible due to changes in their build dependencies: cclib librun-parts-perl llvm-toolchain-snapshot python-crypto python-openid r-bioc-shortread r-bioc-variantannotation ruby-hdfeos5 sqlparse The following packages have become reproducible after being fixed:

• allegro4.4/2:4.4.2-9 by Tobias Hansen, original patch by Reiner Herrmann.
• atomicparsley/0.9.6-1 by Jonas Smedegaard.
• dwarfutils/20160613-1 by Fabian Wolff, original patch by Reiner Herrmann.
• dwm/6.1-3 by Hugo Lefeuvre, original patch by Reiner Herrmann.
• funtools/1.4.6+git150811-3 by Ole Streicher, original patch by Alexis Bienven e.
• golang-github-appc-spec/0.8.4+dfsg-1 by Dmitry Smirnov.
• golang-github-appc-docker2aci/0.11.1+dfsg-1 Dmitry Smirnov.
• hdf-eos5/5.1.15.dfsg.1-7 by Alastair McKinstry.
• hmmer2/2.3.2-11 by Sascha Steinbiss, original patch by Chris Lamb.
• jpy/0.8-2 by Alastair McKinstry.
• lazarus/1.6+dfsg-4 by Paul Gevers.
• pgbackrest/1.02-2 by Adrian Vondendriesch.
• siege/4.0.2-1 by Josue Abarca.
• starlink-pal/0.5.0-4 by Ole Streicher, original patch by Chris Lamb.
• stylish-haskell/0.5.17.0-2 by Sean Whitton.
• xprobe/0.3-3 by Sophie Brun, original patch by Reiner Herrmann.

Some uploads have fixed some reproducibility issues, but not all of them:

• hdfeos4/2.19v1.00+dfsg.1-5 by Alastair McKinstry.
• icu4j/57.1-2 by Tony Mancill, original patch by Chris Lamb.
• pari/2.7.6-1 by Bill Allombert,

Patches submitted that have not made their way to the archive yet:

• #827684 against cgoban by Chris Lamb: set SHELL to static value.
• #827731 against tin by Alexis Bienven e: drop patch which overwrites __DATE__/__TIME__ macros, since gcc can handle it now
• #827863 against swedish by Alexis Bienven e: use C locale for sorting.
• #827987 against glances by Chris Lamb: Use SOURCE_DATE_EPOCH for embedded timestamp.
• #827994 against cmtk by Chris Lamb: use C locale for sorting.
• #828008 against aghermann by Chris Lamb: honour SOURCE_DATE_EPOCH for timestamps embedded into manpages.
• #828012 against bind9 by Chris Lamb: honour SOURCE_DATE_EPOCH for embedded timestamp.
• #828017 against frog by Chris Lamb: don't include pyc/pyo files in the package.
• #828021 against extra-cmake-modules by Scarlett Clark: normalize permission and file order in tarballs.
• #828060 against libffado by Chris Lamb: exclude file with test output from package.
• #828066 against gsmlib by Chris Lamb: honour SOURCE_DATE_EPOCH for timestamps embedded into manpages.
• #828067 against grib-api by Chris Lamb: exclude pyc files from package.
• #828122 against libxmlbird by Chris Lamb: sort list of globbed files.
• #828123 against magnum by Chris Lamb: use static value for embedded hostname.
• #828131 against pyjwt by Chris Lamb: exclude coverage data from package.
• #828145 against mkdocs by Chris Lamb: honour SOURCE_DATE_EPOCH for embedded timestamp.
• #828164 against zeal by Chris Lamb: use UTC for embedded timestamp.
• #828168 against x42-plugins by Daniel Shahaf: use printf instead of non-portable echo.

Package reviews 139 reviews have been added, 20 have been updated and 21 have been removed in this week. New issues found:

• timestamps_in_pdf_generated_by_reportlab
• r_base_appends_built_header_to_description_files
• timestamps_in_documentation_generated_by_mkdocs

53 FTBFS bugs have been reported by Chris Lamb, Santiago Vila and Mateusz ukasik. diffoscope development

• Satyam Zode added argument completion.
• Chris Lamb made the confusing "No differences found inside, yet data differs" message less confusing.

Quote of the week "My builds are so reproducible, they fail exactly every second time." Johannes Ziemke (@discordianfish) Misc. This week's edition was written by Chris Lamb (lamby), Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.

What happened in the Reproducible Builds effort between June 12th and June 18th 2016: Media coverage

• Sune Vuorela blogged about making Qt documentation reproducible while spending good times in the Alps.

GSoC and Outreachy updates Weekly reports by our participants:

• Scarlett Clark
• Satyam Zode

Toolchain fixes

• texlive-bin/2016.20160513.41080-3 has been uploaded to unstable, featuring support for FORCE_SOURCE_DATE. See the last post for details on it.
• doxygen/1.4.4-1 has been uploaded to unstable, fixing #822197 (upstream bug), which caused some generated html file to contain unreproducible memory addresses of Python objects used at build time.
• debhelper/9.20160618 has been uploaded to unstable, fixing #824490, which instructs ant to not save the username of the build user in the generated files. Original patch by Emmanuel Bourg.
• HW42 reported a long-known (although only internally) bug in our dpkg-buildinfo. this particular bug doesn't affect our current infrastructure, but it's a blocker for having .buildinfo support merged upstream.
• epydoc/3.0.1+dfsg-13 and 3.0.1+dfsg-14 have been uploaded by Kenneth J. Pronovici which fixes nondeterministic ordering issues in generated documentation and removes memory addresses. Original patches (#825968 and #827416) by Sascha Steinbiss.

With this upload of texlive-bin we decided to stop keeping our patched fork of as most of the patches for SOURCE_DATE_EPOCH support had been integrated upstream already, and the last one (making FORCE_SOURCE_DATE default to 1) had been refused. So, we are now going to let the archive be rebuilt against unstable's texlive-bin and see how many packages will become unreproducible with this change; once enough data will be collected we will ponder whether FORCE_SOURCE_DATE should be exported by helper tools (such as debhelper) or manually exported by every package that needs it. (For those wondering: we still recommend to follow SOURCE_DATE_EPOCH always and don't recommend other projects to implement FORCE_SOURCE_DATE ) With the drop of texlive-bin we now have only three modified packages in our experimental repository. Reproducible work in other projects

• Ed Maste sent a patch to have ELF Tool Chain's elfcopy support SOURCE_DATE_EPOCH.
• Ed Maste changed FreeBSD's ar(1) to have a reproducible output by default when invoked with -s.
• Ed Maste merged changes from NetBSD's makefs to FreeBSD's to add a command line option for setting the timestamp.
• Ed Maste reported on FreeBSD package reproducibility details from the investigation for his BSDCan talk, including diffoscope results for the non-reproducible packages.
• Holger Levsen spent some time thinking and documenting how to store package notes and issues in a multi-distribution friendly manner, so that we can share these issues and notes between reproducible efforts across different projects. Thoughts we had about this topic during the Athens meeting last December are included in the updated README.

Packages fixed The following 12 packages have become reproducible due to changes in their build dependencies: django-floppyforms flask-restful hy jets3t kombu llvm-toolchain-3.8 moap python-bottle python-debtcollector python-django-debug-toolbar python-osprofiler stevedore The following packages have become reproducible after being fixed:

• adios/1.9.0-10 by Alastair McKinstry.
• airstrike/0.99+1.0pre6a-8 by Markus Koschany, original patch by Reiner Herrmann.
• apt-dater/1.0.3-1 by Patrick Matth i, original patch by Chris Lamb.
• bitlbee/3.4.2-1 by Jelmer Vernoo .
• dar/2.5.5-1 by Laszlo Boszormenyi.
• fastjet/3.0.6+dfsg-2 by Mattia Rizzolo, original patch by Maria Valentina Marin.
• libretro-beetle-pce-fast/0.9.38.7+git20160609-1 by S rgio Benjamim, original patch by Reiner Herrmann.
• libretro-beetle-psx/0.9.38.6+git20151019-2 by S rgio Benjamim, original patch by Reiner Herrmann.
• mx/1.99.4-1 by Ying-Chun Liu.
• python-coverage/4.1+dfsg.1-1 by Ben Finney.
• shiro/1.2.5-1 by Tony Mancill, original patch by Chris Lamb.
• splix/2.0.0+svn315-5 by Didier Raboud.
• u-boot/2016.07~rc1+dfsg1-3 by Vagrant Cascadian, debugging and patch by HW42, patches submitted upstream.

Some uploads have fixed some reproducibility issues, but not all of them:

• gcc-mingw-w64/18 by Stephen Kitt.
• gnuplot/5.0.3+dfsg3-6 by Anton Gladky, original patch by Alexis Bienven e.

Uploads with reproducibility fixes that currently fail to build:

• ruby2.3/2.3.1-3 by Christian Hofstaedtler, avoids unreproducible rbconfig.rb files by always using bash for building.

Patches submitted that have not made their way to the archive yet:

• #827109 against asciijump by Reiner Herrmann: sort source files for deterministic linking order.
• #827112 against boswars by Reiner Herrmann: sort source files for deterministic linking order.
• #827114 against overgod by Reiner Herrmann: use C locale for sorting source files.
• #827115 against netpbm by Alexis Bienven e: honour SOURCE_DATE_EPOCH while generating output.
• #827124 against funguloids by Reiner Herrmann: use C locale for sorting files.
• #827145 against scummvm by Reiner Herrmann: don't embed extra fields in zip archive and build with proper host architecture.
• #827150 against netpanzer by Reiner Herrmann: sort source files for deterministic linking order.
• #827172 against reaver by Alexis Bienven e: sort object files for deterministic linking order.
• #827187 against latex2html by Alexis Bienven e: iterate deterministic over Perl hashes; honour SOURCE_DATE_EPOCH for output; strip username from output; sort index keys.
• #827313 against cherrypy3 by Sascha Steinbiss: prevent memory addresses in output.
• #827361 against matplotlib by Alexis Bienven e: honour SOURCE_DATE_EPOCH in output and sort keys while iterating over dict.
• #827382 against dwarfutils by Reiner Herrmann: fix array size, which caused memory from outside a table to be embedded into output.
• #827384 against skytools3 by Sascha Steinbiss: use stable sorting order and remove timestamps from documentation.
• #827419 against ldaptor by Sascha Steinbiss: sort list of input files and prevent home directory from leaking into documentation.
• #827546 against git-buildpackage by Sascha Steinbiss: replace timestamps in documentation with changelog date; prevent temporary paths in documentation.
• #827572 against xprobe by Reiner Herrmann: sort list of object files in static library archives.

Package reviews 36 reviews have been added, 12 have been updated and 31 have been removed in this week. 17 FTBFS bugs have been reported by Chris Lamb, Santiago Vila and Dominic Hargreaves. diffoscope development Satyam worked on argument completion (#826711) for diffoscope. strip-nondeterminism development Mattia Rizzolo uploaded strip-nondeterminism 0.019-1~bpo8+1 to jessie-backports. reprotest development Ceridwen filed an Intent To Package (ITP) bug for reprotest as #827293. tests.reproducible-builds.org

• Mattia Rizzolo uploaded pbuilder 0.225 to unstable, providing built-in support for eatmydata. We're planning to use it in armhf and i386 builders where we don't build in tmpfs, to increase the build speed some more.
• Valery Young reworked the appearance of the package page, hopefully making them more intuitive and usable. In the process she changed the script generating them to use a real templating system, thus improving maintenance for the future.
• Holger adjusted the scheduler to reschedule packages in state 'depwait' after two days instead of three.
• Mattia added the bug title next to the bug numbers in the notes.

Misc. This week's edition was written by Mattia Rizzolo, Reiner Herrmann, Ed Maste and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.

What happened in the reproducible builds effort this week: Toolchain fixes Eric Dorlan uploaded automake-1.15/1:1.15-2 which makes the output of mdate-sh deterministic. Original patch by Reiner Herrmann. Kenneth J. Pronovici uploaded epydoc/3.0.1+dfsg-8 which now honors SOURCE_DATE_EPOCH. Original patch by Reiner Herrmann. Chris Lamb submitted a patch to dh-python to make the order of the generated maintainer scripts deterministic. Chris also offered a fix for a source of non-determinism in dpkg-shlibdeps when packages have alternative dependencies. Dhole provided a patch to add support for SOURCE_DATE_EPOCH to gettext. Packages fixed The following 78 packages became reproducible in our setup due to changes in their build dependencies: chemical-mime-data, clojure-contrib, cobertura-maven-plugin, cpm, davical, debian-security-support, dfc, diction, dvdwizard, galternatives, gentlyweb-utils, gifticlib, gmtkbabel, gnuplot-mode, gplanarity, gpodder, gtg-trace, gyoto, highlight.js, htp, ibus-table, impressive, jags, jansi-native, jnr-constants, jthread, jwm, khronos-api, latex-coffee-stains, latex-make, latex2rtf, latexdiff, libcrcutil, libdc0, libdc1394-22, libidn2-0, libint, libjava-jdbc-clojure, libkryo-java, libphone-ui-shr, libpicocontainer-java, libraw1394, librostlab-blast, librostlab, libshevek, libstxxl, libtools-logging-clojure, libtools-macro-clojure, litl, londonlaw, ltsp, macsyfinder, mapnik, maven-compiler-plugin, mc, microdc2, miniupnpd, monajat, navit, pdmenu, pirl, plm, scikit-learn, snp-sites, sra-sdk, sunpinyin, tilda, vdr-plugin-dvd, vdr-plugin-epgsearch, vdr-plugin-remote, vdr-plugin-spider, vdr-plugin-streamdev, vdr-plugin-sudoku, vdr-plugin-xineliboutput, veromix, voxbo, xaos, xbae. The following packages became reproducible after getting fixed:

• analog/2:6.0-21 uploaded by Andreas Beckmann, original patch by Dhole.
• base-passwd/3.5.38 uploaded by Colin Watson, original patch by Juan Picca.
• debconf/1.5.57 uploaded by Colin Watson, original patch by Lunar.
• ipband/0.8.1-4 by Mats Erik Andersson.
• kfreebsd-10/10.1~svn274115-7 by Steven Chamberlain.
• libcommons-cli-java/1.3.1-1 by tony mancill.
• libpsl/0.7.1-1 by Daniel Kahn Gillmor.
• maven-archiver/2.6-3 by Emmanuel Bourg.
• mtink/1.0.16-9 by Graham Inggs.
• ocamlweb/1.39-2 uploaded by Mehdi Dogguy, original patch by Chris Lamb.
• rbdoom3bfg/1.0.3+repack1+git20150625-1 by Tobias Frost.
• spatialite-tools/4.2.1~rc1-2 by Bas Couwenberg.
• task/2.4.4+dfsg-1 by Sebastien Badia.

Some uploads fixed some reproducibility issues but not all of them:

• bullet/2.83.4+dfsg-1 by Markus Koschany.
• cdo/1.6.6+dfsg.1-2 by Alastair McKinstry.
• fish/2.2.0-1 uploaded by Tristan Seligmann, original patch by Chris Lamb.
• sympy/0.7.6-3 by Sergey B Kirpichev.
• xtables-addons/2.7-1 uploaded by Dmitry Smirnov, original patch by Reiner Herrmann.

Patches submitted which have not made their way to the archive yet:

• #792178 on gunroar by Reiner Herrmann: use C locale when sorting source files.
• #792181 on tth by Reiner Herrmann: remove timestamps from generated HTML files.
• #792285 on pkgconf by Juan Picca: set LC_ALL=C when running sort.
• #792319 on jsmath-fonts by Chris Lamb: set TZ=UTC when calling unzip.
• #792424 on swh-plugins by Chris Lamb: sort inputs in Makefile.
• #792525 on ruby-standalone by Reiner Herrmann: use UTC and C locale when formatting the manpage date for the documentation.
• #792528 on dict-foldoc by Reiner Herrmann: use C locale when formatting the date for the documentation.
• #792529 on tomatoes by Reiner Herrmann: use date from debian/changelog in version string.
• #792593 on lives by Dhole: process a Perl hash in stable order.
• #792596 on jsmath by Dhole: set TZ=UTC when calling unzip.
• #792597 on jsmath-fonts-sprite by Dhole: set TZ=UTC when calling unzip.
• #792598 on libreoffice-canzeley-client by Dhole: set TZ=UTC when calling unzip.
• #792599 on openthesaurus by Dhole: set TZ=UTC when calling unzip.
• #792602 on fonts-stix by Dhole: set TZ=UTC when calling unzip.
• #792667 on jack-audio-connection-kit by use date from debian/changelog in manpages.
• #792668 on pyhoca-gui by remove date from package version number.
• #792671 on apertium-dbus by remove *.pyo and *.pyc from binary package.
• #792673 on bup by use date from debian/changelog when generating version strings.
• #792684 on cain by Chris Lamb: ensure stable permissions when creating source tarball.
• #792709 on dict-jargon by Dhole: set timestamp in archive using the latest entry of debian/changelog.
• #792727 on libaqbanking by Micha Lenk (upstream): sort source files in documentation.
• #792763 on docbook-dsssl by Chris Lamb: sort input files when creating changelog.
• #792770 on lynx-cur by Reiner Herrmann: use C locale when sorting configuration files.
• #792771 on mu-cade by Reiner Herrmann: use C locale when sorting source files.
• #792772 on titanion by Reiner Herrmann: use C locale when sorting source files.
• #792783 on linuxlogo by Reiner Herrmann: use C locale when sorting source files.
• #792821 on pkg-config by Juan Picca: use C locale when sorting source files.
• #792828 on tiger by Daniel Kahn Gillmor: use C locale when listing soure files.

reproducible.debian.net The statistics on the main page of reproducible.debian.net are now updated every five minutes. A random unreviewed package is suggested in the look at a package form on every build. (h01ger) A new package set based new on the Core Internet Infrastructure census has been added. (h01ger) Testing of FreeBSD has started, though no results yet. More details have been posted to the freebsd-hackers mailing list. The build is run on a new virtual machine running FreeBSD 10.1 with 3 cores and 6 GB of RAM, also sponsored by Profitbricks. strip-nondeterminism development Andrew Ayer released version 0.009 of strip-nondeterminism. The new version will strip locales from Javadoc, include the name of files causing errors, and ignore unhandled (but rare) zip64 archives. debbindiff development Lunar continued its major refactoring to enhance code reuse and pave the way to fuzzy-matching and parallel processing. Most file comparators have now been converted to the new class hierarchy. In order to support for archive formats, work has started on packaging Python bindings for libarchive. While getting support for more archive formats with a common interface is very nice, libarchive is a stream oriented library and might have bad performance with how debbindiff currently works. Time will tell if better solutions need to be found. Documentation update Lunar started a Reproducible builds HOWTO intended to explain the different aspects of making software build reproducibly to the different audiences that might have to get involved like software authors, producers of binary packages, and distributors. Package reviews 17 obsolete reviews have been removed, 212 added and 46 updated this week. 15 new bugs for packages failing to build from sources have been reported by Chris West (Faux), and Mattia Rizzolo. Presentations Lunar presented Debian efforts and some recipes on making software build reproducibly at Libre Software Meeting 2015. Slides and a video recording are available. Misc. h01ger, dkg, and Lunar attended a Core Infrastructure Initiative meeting. The progress and tools mode for the Debian efforts were shown. Several discussions also helped getting a better understanding of the needs of other free software projects regarding reproducible builds. The idea of a global append only log, similar to the logs used for Certificate Transparency, came up on multiple occasions. Using such append only logs for keeping records of sources and build results has gotten the name Binary Transparency Logs . They would at least help identifying a compromised software signing key. Whether the benefits in using such logs justify the costs need more research.

Debian is undertaking a huge effort to develop a reproducible builds system. I'd like to thank you for that. This could be Debian's most important project, with how badly computer security has been going.

PerniciousPunk in Reddit's Ask me anything! to Neil McGovern, DPL. What happened in the reproducible builds effort this week: Toolchain fixes More tools are getting patched to use the value of the SOURCE_DATE_EPOCH environment variable as the current time:

• libxslt in #791815 (Dhole),
• texlive-bin via upstream (#792202) (akira),
• sphinx via upstream (Dmitry Shachnev).

In the reproducible experimental toolchain which have been uploaded:

• doxygen to support SOURCE_DATE_EPOCH (akira),
• debhelper now set SOURCE_DATE_EPOCH to the time of the latest debian/changelog entry when exporting build flags, patch sent as #791823 (Dhole),
• epydoc to support SOURCE_DATE_EPOCH (Reiner Herrmann),
• texlive-bin (akira) and libxslt (Dhole) with the aforementioned support for SOURCE_DATE_EPOCH.

Johannes Schauer followed up on making sbuild build path deterministic with several ideas. Packages fixed The following 311 packages became reproducible due to changes in their build dependencies : 4ti2, alot, angband, appstream-glib, argvalidate, armada-backlight, ascii, ask, astroquery, atheist, aubio, autorevision, awesome-extra, bibtool, boot-info-script, bpython, brian, btrfs-tools, bugs-everywhere, capnproto, cbm, ccfits, cddlib, cflow, cfourcc, cgit, chaussette, checkbox-ng, cinnamon-settings-daemon, clfswm, clipper, compton, cppcheck, crmsh, cupt, cutechess, d-itg, dahdi-tools, dapl, darnwdl, dbusada, debian-security-support, debomatic, dime, dipy, dnsruby, doctrine, drmips, dsc-statistics, dune-common, dune-istl, dune-localfunctions, easytag, ent, epr-api, esajpip, eyed3, fastjet, fatresize, fflas-ffpack, flann, flex, flint, fltk1.3, fonts-dustin, fonts-play, fonts-uralic, freecontact, freedoom, gap-guava, gap-scscp, genometools, geogebra, git-reintegrate, git-remote-bzr, git-remote-hg, gitmagic, givaro, gnash, gocr, gorm.app, gprbuild, grapefruit, greed, gtkspellmm, gummiboot, gyp, heat-cfntools, herold, htp, httpfs2, i3status, imagetooth, imapcopy, imaprowl, irker, jansson, jmapviewer, jsdoc-toolkit, jwm, katarakt, khronos-opencl-man, khronos-opengl-man4, lastpass-cli, lava-coordinator, lava-tool, lavapdu, letterize, lhapdf, libam7xxx, libburn, libccrtp, libclaw, libcommoncpp2, libdaemon, libdbusmenu-qt, libdc0, libevhtp, libexosip2, libfreenect, libgwenhywfar, libhmsbeagle, libitpp, libldm, libmodbus, libmtp, libmwaw, libnfo, libpam-abl, libphysfs, libplayer, libqb, libsecret, libserial, libsidplayfp, libtime-y2038-perl, libxr, lift, linbox, linthesia, livestreamer, lizardfs, lmdb, log4c, logbook, lrslib, lvtk, m-tx, mailman-api, matroxset, miniupnpd, mknbi, monkeysign, mpi4py, mpmath, mpqc, mpris-remote, musicbrainzngs, network-manager, nifticlib, obfsproxy, ogre-1.9, opal, openchange, opensc, packaging-tutorial, padevchooser, pajeng, paprefs, pavumeter, pcl, pdmenu, pepper, perroquet, pgrouting, pixz, pngcheck, po4a, powerline, probabel, profitbricks-client, prosody, pstreams, pyacidobasic, pyepr, pymilter, pytest, python-amqp, python-apt, python-carrot, python-django, python-ethtool, python-mock, python-odf, python-pathtools, python-pskc, python-psutil, python-pypump, python-repoze.tm2, python-repoze.what, qdjango, qpid-proton, qsapecng, radare2, reclass, repsnapper, resource-agents, rgain, rttool, ruby-aggregate, ruby-albino, ruby-archive-tar-minitar, ruby-bcat, ruby-blankslate, ruby-coffee-script, ruby-colored, ruby-dbd-mysql, ruby-dbd-odbc, ruby-dbd-pg, ruby-dbd-sqlite3, ruby-dbi, ruby-dirty-memoize, ruby-encryptor, ruby-erubis, ruby-fast-xs, ruby-fusefs, ruby-gd, ruby-git, ruby-globalhotkeys, ruby-god, ruby-hike, ruby-hmac, ruby-integration, ruby-jnunemaker-matchy, ruby-memoize, ruby-merb-core, ruby-merb-haml, ruby-merb-helpers, ruby-metaid, ruby-mina, ruby-net-irc, ruby-net-netrc, ruby-odbc, ruby-ole, ruby-packet, ruby-parseconfig, ruby-platform, ruby-plist, ruby-popen4, ruby-rchardet, ruby-romkan, ruby-ronn, ruby-rubyforge, ruby-rubytorrent, ruby-samuel, ruby-shoulda-matchers, ruby-sourcify, ruby-test-spec, ruby-validatable, ruby-wirble, ruby-xml-simple, ruby-zoom, rumor, rurple-ng, ryu, sam2p, scikit-learn, serd, shellex, shorewall-doc, shunit2, simbody, simplejson, smcroute, soqt, sord, spacezero, spamassassin-heatu, spamprobe, sphinxcontrib-youtube, splitpatch, sratom, stompserver, syncevolution, tgt, ticgit, tinyproxy, tor, tox, transmissionrpc, tweeper, udpcast, units-filter, viennacl, visp, vite, vmfs-tools, waffle, waitress, wavtool-pl, webkit2pdf, wfmath, wit, wreport, x11proto-input, xbae, xdg-utils, xdotool, xsystem35, yapsy, yaz. Please note that some packages in the above list are falsely reproducible. In the experimental toolchain, debhelper exported TZ=UTC and this made packages capturing the current date (without the time) reproducible in the current test environment. The following packages became reproducible after getting fixed:

• 389-admin/1.1.42-1 uploaded by Timo Aaltonen, original patch by Chris Lamb.
• aroarfw/0.1~beta5-2 uploaded by Patrick Matth i, original patch by akira.
• clfft/2.4-2 by Ghislain Antony Vaillant.
• custom-tab-width/1.0.1-3 by Daniel Kahn Gillmor.
• debirf/0.35 uploaded by Daniel Kahn Gillmor, original patch by Chris Lamb.
• enigmail/2:1.8.2-3 by Daniel Kahn Gillmor.
• flashproxy/1.7-4 by Ximin Luo.
• getdns/0.2.0-2 by Daniel Kahn Gillmor.
• glfw3/3.1.1-1 by James Cowgill, reported by akira.
• gpgme1.0/1.5.5-3 by Daniel Kahn Gillmor.
• jzmq/3.1.0-4 by Jan Niehusmann.
• libcommons-cli-java/1.3.1-1 by tony mancill.
• liblo/0.28-5 uploaded by Felipe Sateler, original patch by akira.
• libmoe/1.5.8-2 uploaded by TANIGUCHI Takaki, original patch by Chris Lamb.
• libnet-interface-perl/1.012-2 uploaded by gregor herrmann, original patch by Chris Lamb.
• libxmlenc-java/0.52+dfsg-4 by Emmanuel Bourg.
• lintian/2.5.33 by Niels Thykier.
• litecoin/0.10.2.2-1 uploaded by Dmitry Smirnov, original patch by Chris Lamb.
• node-ws/0.7.2+ds1.349b7460-1 by Ximin Luo.
• pyevolve/0.6~rc1+svn398+dfsg-7 uploaded by Christian Kastner, original patch by Juan Picca.
• sendmail/8.14.9-3 by Andreas Beckmann.
• uthash/1.9.9.1+git20150507-2 by Ilias Tsitsimpis, report by Jakub Wilk.

Ben Hutchings upstreamed several patches to fix Linux reproducibility issues which were quickly merged. Some uploads fixed some reproducibility issues but not all of them:

• apt-dater/1.0.2-1 uploaded by Patrick Matth i, original patch by Dhole, fixed upstream by Thomas Liske.
• argyll/1.7.0+repack-4 by J rg Frings-F rst.
• grads/2:2.0.2-4 by Alastair McKinstry.
• kfreebsd-10 by Steven Chamberlain.
• mariadb-10.0/10.0.20-2 by Otto Kek l inen.
• xtel/3.3.0-18 uploaded by Samuel Thibault, original patch by Dhole.

Uploads that should fix packages not in main:

• fglrx-driver/1:15.7-1 uploaded by Patrick Matth i, fixed by Andreas Beckmann.
• pycuda/2015.1.2-1 uploaded by Tomasz Rybak, patch by Juan Picca.

Patches submitted which have not made their way to the archive yet:

• #787675 on ricochet by Daniel Kahn Gillmor: use the debian/changelog date in the manpage.
• #791648 on fish by Chris Lamb: sort header files in documentation.
• #791691 on fritzing by Chris Lamb: sort the documentation author list using the C locale.
• #791834 on bitcoin by Reiner Herrmann: sort sources files using the C locale.
• #791845 on yacas by Reiner Herrmann: sort hints using the C locale.
• #791851 on scowl by Reiner Herrmann: sort dictionary files using the C locale.
• #791913 on ceph by Chris Lamb: sort configuration file names.
• #791923 on alpine by Chris Lamb: use debian/changelog date as build date and use debian as the builder hostname.
• #791960 on leveldb by Reiner Herrmann: sort sources files using th e C locale.
• #792054 on ben by Reiner Herrmann: use debian/changelog date as bui ld date.
• #792056 on val-and-rick by Reiner Herrmann: sort sources by filenames.

reproducible.debian.net A new package set has been added for lua maintainers. (h01ger) tracker.debian.org now only shows reproducibility issues for unstable. Holger and Mattia worked on several bugfixes and enhancements: finished initial test setup for NetBSD, rewriting more shell scripts in Python, saving UDD requests, and more debbindiff development Reiner Herrmann fixed text comparison of files with different encoding. Documentation update Juan Picca added to the commands needed for a local test chroot installation of the locales-all package. Package reviews 286 obsolete reviews have been removed, 278 added and 243 updated this week. 43 new bugs for packages failing to build from sources have been filled by Chris West (Faux), Mattia Rizzolo, and h01ger. The following new issues have been added: timestamps_in_manpages_generated_by_ronn, timestamps_in_documentation_generated_by_org_mode, and timestamps_in_pdf_generated_by_matplotlib. Misc. Reiner Herrmann has submitted patches for OpenWrt. Chris Lamb cleaned up some code and removed cruft in the misc.git repository. Mattia Rizzolo updated the prebuilder script to match what is currently done on reproducible.debian.net.

My LTS November In November I resumed work on Debian LTS and worked on the following packages:

• DLA 88-1 for ruby1.8 fixing several CVEs as described in the announcement.
• DLA 91-1 for tomcat6, mostly prepared by one of it's maintainers, Tony Mancill, also fixing several issues by upgrading to a new upstream version. I just did review, testing, release and announcement, and then figured out the proper versioing for Wheezy, which turned out to be problematic because using the recommend versioning breaks the upgrade paths, when new upstream versions are introdued to squeeze-lts which basically have same version as in will be (or are) in wheezy-security. One cause (besides the wrong recommendation which still needs fixing in our wiki page are non enforcable version constraints: the suites wheezy and squeeze-lts reside on ftp-master.debian.org (and wheezy is only updated on point releases), while wheezy-security resides on security.debian.org. Most probably we will still leave things as they are for squeeze-lts and do changes for wheezy-lts only. Oh, and the release of the tomcat6 update for wheezy is currently stalled by #770769.
• DLA 92-1 for tomcat-native was also done in cooperation with Tony and is also a new upstream release, which is needed as the old version of tomcat-native doesn't function with the new tomcat6 version.
• The 2.6.32.64 update of linux-2.6 has not happened yet, but is planned for the coming weekend. So far it has been done in collaboration of Moritz M hlenhoff from the security team, Ben Hutchings from the kernel team, and Rapha l Hertzog and myself from the LTS team, which I consider to be quite nice. As Rapha l had already explained, Ben has joined the LTS team and so far his contribution was to identify a problem in patch related to openvz, so I haven't published this kernel update yet. Also, there was zero feedback from testers for the openvz flavor packages - so if you are using openvz and squeeze kernels, please contact us. For all the other flavors there was positive feedback to the call for testing (thanks!) - so you might want to give these kernels a try too!

Thanks to everyone who is supporting Squeeze LTS in whatever form, according to the wide feedback there are quite many people appreciating the work! (As this was asked on IRC: if you are a maintainer preparing something for squeeze-lts, that's totally great, thanks!, just please tell us about it as this is the assumption we are working under: if noone tells the LTS team, we think we need to prepare upgrades for squeeze-lts.)

I followed Gregor s evolution within Debian because I used to be somewhat active in the Perl team. His case is exemplar because it shows that you don t need to be an IT professional to join Debian and to make a difference. His QA page is impressive with hundreds of packages maintained and hundreds of non-maintainer uploads too. While he started out slowly, I remember meeting him at Debconf 7 in Edinburgh and after that he really got more implicated. Again a case of someone joining for technical reasons but getting more involved and staying there for social reasons! Let s jump into the interview and learn more about him. Raphael: Who are you? Gregor: I m 41 years old, and I live in Innsbruck, Austria, in a shared apartment with a friend of mine. In my day job, I m working at the regional addiction prevention agency, so I m one of the few Debian guys who s not an IT student or professional. I started maintaining packages in 2006, and I am a DD since April 2008. Raphael: How did you start contributing to Debian? Gregor: After having used Debian on servers for some years, I finally switched to it on the desktop after some procrastinating. Soon afterwards I wanted to know more about the making-of , started to join mailing lists, filed bugs, and tried to learn packaging. Luckily I quickly found a permanent sponsor Tony Mancill, and we re still co-maintaining each others packages. And when I packaged my first Perl modules, Gunnar Wolf invited me to join the Debian Perl Group, an offer I accepted a few days later. And I m still there Later, the NM process, although it involved some waiting times, was also a good learning experience due to my AM Wouter Verhelst. (And in the meantime the organization of the NM process has vastly improved, from what I hear.) So my starting point for joining Debian was my curiosity but what really helped me to find my way into the project was the support of the people who invited and helped me. Raphael: What s your biggest achievement within Debian or Ubuntu? Gregor: I m not sure I can name a single big achievement but I guess I can say that my contributions to the Debian Perl Group have helped to make and keep the team a success story. Raphael: The pkg-perl team seems to work very well. As an active member, can you explain us how it is organized? How do you explain its success? In particular it seems to be a great entry point for new contributors. Gregor: The team is huge, both in numbers of members and packages (over 2200). Since last DebConf we manage our source packages in git, we have 2 mailing lists and an IRC channel, and we manage to keep an overview by using PET, the Package Entropy Tracker. It s true that we get new members on a regular basis; we try to invite people (like it happened to me 6 years ago ) but there are also quite a few new contributors who find our docs and introduce themselves on the mailing list. Maybe someone should conduct a study and ask them what motivated them to join. We hand out group membership/commit access quickly, and we try to mentor new contributors actively during their early times in the group. Some of them leave for other projects after some time, but many also stay and become DDs later. I m not sure what the reasons for the group s success are, maybe a combination of:

• a culture in the group (and also in the upstream Perl community) that s based on fun, cooperation, and respect;
• the fact that packaging Perl modules is most of the time quite easy;
• a great set of tools, and also (hopefully) useful documentation;
• a bunch of relaxed people who are open to newcomers and try to help each other.

For everyone interested in joining the Debian Perl Group, our Welcome page on the wiki is a good starting point. Raphael: What are your plans for Debian Wheezy? Gregor: Nothing overly exciting. What I should do is getting a newer JabRef into Debian (which involves packaging some new Java libraries any takers?). A solution for libdatetime-timezone-perl (which ships timezone data converted to Perl modules and tends to get outdated when the timezone data change) would be nice; let s see if #660404 leads to some results And some Perl packages will also need a bit of work for the hardening build flags release goal (cf. #657853). Raphael: What s the biggest problem of Debian? Gregor: Inertia. While I really like the fact that Debian is a volunteer project, and that every contributor works when and on what they decide to work on, I get the feeling that Debian could do better in moving forward, innovating, taking decisions. I also think that more uniformity in managing source packages would make things easier; it s quite amazing to see how many source formats, packaging helpers, patch systems, RCSs etc. are used all over the archive. I m not advocating for mono-cultures, and I consider this diversity a strength in general, but having to find out first how this particular package works when preparing a bug fix can be annoying. On the bright side, I think that the myth Debian and its mailing lists are mostly about flames can be seen as dispelled in the meantime. Sure, sometimes the tone could be a bit more civil, but in general most of the interactions I ve seen in the last years were friendly and helpful. IMO, the Debian Project consists of mostly nice and cooperative people, and that s what makes it fun for me. Raphael: You re one of the most dedicated participants to RCBW (Release Critical Bugs of the Week), an initiative to fix RC bugs every week. How much time do you spend on it? What would you advise to people who are considering to join the movement? Gregor: I got into the habit of fixing RC bugs after having been invited to my first Bug Squashing Party in Munich some years ago. During this weekend I saw that fixing RC bugs can be fun, is often not that difficult, and gives a warm fuzzy feeling I can definitely recommend attending a BSP if one happens to be organized near you. After tasting blood at this first BSP I tried to continue looking at RC bugs, and I guess I spend something around half an hour per day on it. I usually blog about it once a week, in order to motivate others to join in. And joining is easy: just take a look at the tips people like Zack, Vorlon, or me have written. You don t have to be a DD to help, many of my NMUs are based on patches that others kindly prepare and send to the BTS kudos! Another nice aspect is that the RC bug list contains problems from different fields: general packaging problems, language-specific issues, policy violations, etc. So there s something for everybody, and you don t have to be an expert in all fields to fix a specific bug. What s rewarding about fixing RC bugs is not only the feeling of accomplishment and the knowledge about having helped the next release I also received quite a few Thank you mails from maintainers who were busy at that time and appreciated the help. Raphael: Do you have wishes for Debian Wheezy? Gregor: Well, there s not so much left of the Wheezy release cycle if we manage to freeze in June Some quick thoughts for Wheezy and Wheezy+1:

• Obviously, getting multi-arch and the hardening build flags as far as possible would be good.
• What I like is the idea of the time-based freeze, and I hope it will work out in June. And then I hope that the freeze will be shorter this time than during the last 2 releases.
• Unless I m missing something, the CUT discussions have more or less died down; IMO that s a pity because there are users who run testing and would like to avoid the several month long freeze. Maybe someone can come up with new ideas for Wheezy+1
• Too late for broad adoption in Wheezy but still: What constantly annoys me is the handling of conffiles during upgrades (when I want to keep changed values but at the same time want to add new variables). Config::Model seems to be the best idea so far for configuration upgrades but it s not yet widely adopted.

Raphael: Is there someone in Debian that you admire for their contributions? Gregor: There are many people in Debian I admire, too many to name them all. The first one that comes to my mind is Russ Allbery who not only does great work from lintian to Debian policy but who also sets a great example of communicating in a perfectly polite and respectful way even in heated discussions.

---

Thank you to Gregor for the time spent answering my questions. I hope you enjoyed reading his answers as I did. Note that older interviews are indexed on wiki.debian.org/PeopleBehindDebian.

Subscribe to my newsletter to get my monthly summary of the Debian/Ubuntu news and to not miss further interviews. You can also follow along on Identi.ca, Google+, Twitter and Facebook.

2 comments Liked this article? Click here. My blog is Flattr-enabled.

when I woke up today (after sleeping in for the first time with my new roll-top in front of my bedroom window) I was surprised & confused by a couple of "congratulations!" messages in my irc away-log. it took me a bit of time & coffee (& looking into my mailbox) to begin to realize that my Debian account had indeed been created while I was asleep. — in fact I guess I still haven't completely realized my new status as Debian Developer.

as others I'd like to follow the good tradition of taking the opportunity to thank some of the people who helped me to get there:

• first & foremost Tony Mancill, my advocate, permanent sponsor, & long-time co-maintainer; for all his support in preparing & quickly uploading packages, tracking down bugs, encouraging & advocating me but also for our very pleasant "chats" via email. — we have already agreed to continue co-maintaining each other's packages.
• the friendly & helpful guys from the Debian Perl Group: Gunnar Wolf, for always encouraging me (to join the group, to apply for the New Maintainer Process, ...); Damyan Ivanov, for teaching me so much (even if he called it "nitpicking"); Gunnar, Damyan, Krzysztof Krzyżaniak, Niko Tyni, Roberto C. Sánchez, Stephen Gran, Frank Lichtenheld, Jaldhar H. Vyas, Russ Allbery, Raphaël Hertzog, & some others for uploading packages I've prepared & helping me when I had questions or problems; Martín Ferrari, for all his help, expertise, & especially for the fun & the good times we share on IRC.
• my Application Manager Wouter Verhelst; for guiding me through the New Maintainer process not only fast but also in a very helpful, at the same time demanding & supporting way.
• the Debian Women sub-project; for making Debian a better & friendlier place not only for women but in general.
• finally: the people who used the time while I was asleep to actually create my account tonight :)

some final thoughts about the NM process from my point of view:

• it took me some time to actually apply for NM; what deterred me was not that I knew it would take some time but that I didn't know how long the time would be; & that I knew that the bigger part of the overall time would consist of waiting.
• I applied on 2007-04-03, my account was created on 2008-04-18; 380 days is not bad altogether in my opinion; the actual work with my AM was from 2007-08-12 until 2007-11-28 (i.e. 108 days, or 28% of the whole duration).
• I did enjoy the actual checks; I had to read & think a lot, & I learned a lot in that period.
• Front Desk (i.e. Christoph Berg) was very quick on all necessary steps.
• I was never demotivated about my Debian work because of all the people supporting me & taking the burden of uploading packages I had prepared. but I have to admit that I got a little bored in the last months of waiting after the report had been submitted by my Application Manager.

& now it's time first to celebrate & then to try to fully grasp my new rights & responsibilities.