Bastien Roucariès

I am dd since 2017, maint of imagemagick, and a lot of javascript package.

I am member of LTS team

Accepted Talks:

Welcome to DebConf 25!

The DebConf organisation team welcomes you to the 26th edition of the yearly Debian community conference!

Static linking pitfalls, harms and chalenges

A static library or a statically linked library contains functions and data that can be included in a computer program at build-time such that the library does not need to be accessible in a separate file at run-time. Static linking is an old concept that, during the 2000s, was considered a legacy approach and was gradually phased out in favor of dynamic libraries.

Dynamic libraries offer significant advantages in code reusability, security, and memory efficiency. In contrast, static libraries provide potential speed optimization by reducing dead code and enabling seamless code integration without relying on API or ABI stability, including the application of custom patches to upstream code.

In the 2010s, this seamless code integration became known by various terms, such as vendoring (Go terminology), packing, bundling, browserifying (JavaScript terminology), and uber-jar (Java terminology). At its essence, it represents a form of static linking, even within interpreted languages.

The widespread use of static linking presents significant challenges for release managers and security managers. While some workarounds, such as Static-Built-Using fields, binNMU, or mass rebuilds, exist, they are often insufficient or overly cumbersome in practice.

Moreover, following a Thompson-like argument, a ‘Reflections on Static Trusting Trust’ approach should be undertaken from a security perspective to ensure the removal of insecure code. Practical assistance could be obtained from reproducible builds, though these lack theoretical guarantees.

Introducing new concepts, such as weak dynamic linking and leaf static linking, could help alleviate certain challenges and contribute to improving the current status quo.

BoF javascript team

A BoF for jacvascript team and user of javascript package and nodes package.

CSS, tooling, webpackging bundling and so on.

Debian LTS BoF

The Debian LTS team aims to provide security support for five years after the initial release, taking over the Security and Release Team on the third year.

This BoF is an opportunity to discuss between fellow team members and users (including sponsors), and to present our current goals regarding our workflows.

More information about Debian LTS can be found at https://wiki.debian.org/LTS

Multiarch next step

This BoF will talk about future of multiarch including some limitations, partial arch, freestanding arch.

Include also talk about cross arches

Will also includes talk about chroot only arch, and problems like how can I get my coredump

Welcome Address – DebConf 2025 Academic Track

Welcome to the DebConf 2025 Academic Track! We are pleased to welcome fellow academics to the first academic sessions of DebConf, organized in collaboration with the IRISA laboratory.