openSUSE Factory Adds Reproducible Builds Support

The openSUSE developers have announced support for reproducible builds in the openSUSE Factory repository. openSUSE Factory follows a continuous cycle of updating program versions (rolling release) and serves as the foundation for building the openSUSE Tumbleweed distribution. This configuration ensures that the binary files distributed in packages are compiled from the provided source code, without any hidden changes. Users can verify that the offered builds match those produced from the source code.

Reproducible builds require meticulous attention to details such as exact matching of dependencies, consistent use of build tools and their versions, identical options and default settings, preserving the order in which files are built, and excluding unstable service information added by compilers. This avoids sources of variation such as random values, references to file paths, and build time and date data.
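An added illustration, not openSUSE's own tooling: the sketch below packs the same files into a tar archive on two simulated build hosts and shows that fixing file order and clamping timestamps is what makes the outputs bit-identical. The function names, sample files and timestamp values are constructed for the example; `SOURCE_DATE_EPOCH` follows the reproducible-builds.org naming convention for a pinned build timestamp.

```python
import hashlib
import io
import tarfile

SOURCE_DATE_EPOCH = 1700000000  # constructed value: a pinned timestamp shared by all builds


def pack(files, build_time, reproducible):
    """Pack {name: bytes} into a tar archive and return its raw bytes.

    The dict's iteration order stands in for whatever order the build
    host's filesystem happens to return.
    """
    names = sorted(files) if reproducible else list(files)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            # Naive builds stamp the wall clock; reproducible builds clamp it.
            info.mtime = min(build_time, SOURCE_DATE_EPOCH) if reproducible else build_time
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(blob):
    """SHA-256 of the archive, the value a verifier would compare."""
    return hashlib.sha256(blob).hexdigest()


def rebuild_matches(files_a, time_a, files_b, time_b, reproducible):
    """True when two independent builds yield bit-identical archives."""
    return digest(pack(files_a, time_a, reproducible)) == digest(pack(files_b, time_b, reproducible))


# Constructed sample: same sources, different enumeration order and clock per host.
HOST_A = {"usr/bin/tool": b"\x7fELF-demo", "usr/share/doc/README": b"docs\n"}
HOST_B = dict(reversed(list(HOST_A.items())))

if __name__ == "__main__":
    print("naive builds match:       ", rebuild_matches(HOST_A, 1718000000, HOST_B, 1718003600, False))
    print("reproducible builds match:", rebuild_matches(HOST_A, 1718000000, HOST_B, 1718003600, True))
```

With the normalization in place, a digest mismatch between two rebuilds points to a real difference in content rather than to build-host noise.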

Verifying the integrity of binary builds reduces reliance solely on trust in the build infrastructure, guarding against hidden manipulation by compromised compilers or build tools. openSUSE developers have used reproducible builds to prevent malicious modifications, such as the incident involving a backdoor in the XZ package, where the compromised liblzma library could have made harmful changes to the GCC code.

The Factory repository is not meant for end users and is primarily used by distribution developers, because its stability is not guaranteed. Packages in Factory undergo automated testing with openQA. Several times a week, after testing and checking that dependencies are consistent, the repository contents are mirrored and published as openSUSE Tumbleweed.
