capossele
commented
7 months ago Yeah you are right. We should make the reproducible build a more complete and integrated feature with plenty of docs. Right now it really feels not even half-baked.
Closed nategraf closed 7 months ago
capossele
commented
7 months ago Yeah you are right. We should make the reproducible build a more complete and integrated feature with plenty of docs. Right now it really feels not even half-baked.
Walked through the README and deployment guide (once again, haha) and found some things out of date, or that could be improved. I started on the deployment guide, but found that the example commands are currently broken.
There is a change in this list of suggestions that's worth some thought. I see that
RISC0_USE_DOCKERwas added to the deployment guide. I understand the motivations, but I think that for testnet deployment, this does not need to be part of the process. I personally think we should remove it from the deployment guide as it exists in this repo, since we want it to as low friction as possible for developers to get onto testnet. Integrating reproducible builds in a way that will allow for third parties to verify the image ID is a larger undertaking, since it also requires disciplined source control, a public release process, and documentation for third parties to reproproduce the results. Without that, it adds friction, but not a lot of value, to use Docker in the build process. I think we should defer on this, and revisit in a second iteration with a more fully featured guide and tooling to help developers get fully verifiable builds in a way that is easy for third parties to check.