On the second day of DebConf24 in Busan, South Korea, Holger Levsen provided a history lesson on the "first 11 years" of the Reproducible Builds project. He has been involved in the project for most of that time and has been a Debian user since the mid-1990s, a contributor since 2001, and a Debian member since 2007; "I love Debian". Meanwhile, his aim is to make all free software reproducible, so that anyone can check that a binary program comes from the source code it purports to come from.

He began by noting that the talk was not his alone, but instead comes from the work of more than 100 people listed on the Reproducible Builds web site. He asked a few questions of the audience, such as who knows about the project, who has contributed to it, and who knows that the project itself is more than ten years old but that the idea of reproducible builds goes back more than 30 years. The goal of the talk was to recap and celebrate what has been done, he said, in order to get attendees excited and, thus, involved in the project. "Because there is still a lot of work to do."

The problem is that, while the source code of free software is available, most people install pre-compiled binaries. "No one really knows how they really correspond, even those building the binaries." The machine doing the build might have been compromised, for example. Various types of supply-chain attacks can result from this problem.