by breatheoften 2372 days ago
Does Bazel use the word “provenance” at all?

Provenance is a word I first saw advertised in a platform called dotscience.io — that I find fundamentally interesting. And it seems quite relevant to hermetic builds.

Provenance is about giving any state derived from an arbitrary computation an identity that is derived from the content hash of the inputs needed to re-compute that state ... in dotscience they achieve this by instrumenting I/O and creating ZFS filesystem snapshots when computing new provenance artifacts.

I think this concept could be the ultimate building block for a build system — and it could become the job of OSes/containers/runtimes/databases to coordinate to allow this abstraction to be tracked with sufficient efficiency that programmers would feel allowed to freely use the concept of provenance when building ... it seems to me like provenance could provide all the information needed to support a distributed build cache? You wouldn’t actually need a build language at all — just an API in each language to ask for the saving of provenance artifacts. The artifact would hold all the info needed to be able to recompute the artifact with the same state — which is also all the info needed to decide when the artifact is out of date ...?
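
An added example, not part of the original post and not code from dotscience or Bazel: a small sketch of the idea above, where an artifact's identity is a hash over its command, the content hashes of its source inputs and the identities of its upstream artifacts, and that identity doubles as the cache key and the staleness check. It assumes inputs are declared explicitly rather than discovered by instrumenting I/O, uses an in-memory dict in place of a distributed cache, and the step functions and file names are hypothetical.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def provenance_id(command, source_hashes, dep_ids):
    """Identity of a derived artifact: a hash over the command, the content
    hash of each source input, and the provenance id of each upstream artifact."""
    record = {"command": list(command), "sources": source_hashes, "deps": dep_ids}
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode())

class ProvenanceCache:
    """In-memory stand-in (assumption) for a shared cache keyed by provenance id."""
    def __init__(self):
        self.artifacts = {}   # provenance id -> artifact bytes
        self.executions = 0   # how many times an action actually ran

    def build(self, command, sources, deps, action):
        source_hashes = {name: sha256_hex(data) for name, data in sources.items()}
        pid = provenance_id(command, source_hashes, deps)
        if pid not in self.artifacts:  # unknown id means missing or out of date
            dep_data = {name: self.artifacts[d] for name, d in deps.items()}
            self.artifacts[pid] = action(sources, dep_data)
            self.executions += 1
        return pid

def compile_step(sources, deps):  # hypothetical deterministic actions
    return b"OBJ:" + sources["main.c"]

def link_step(sources, deps):
    return b"BIN:" + deps["main.o"]

def build_all(cache, main_c):
    obj = cache.build(["cc", "-c", "main.c"], {"main.c": main_c}, {}, compile_step)
    exe = cache.build(["ld", "main.o"], {}, {"main.o": obj}, link_step)
    return obj, exe

def demo():
    cache = ProvenanceCache()
    first = build_all(cache, b"int main(){return 0;}")    # constructed input
    again = build_all(cache, b"int main(){return 0;}")    # identical inputs
    runs_after_repeat = cache.executions
    changed = build_all(cache, b"int main(){return 1;}")  # one byte differs
    return first, again, changed, runs_after_repeat, cache.executions

if __name__ == "__main__":
    print(demo())
```

Because the link step's identity includes the object file's provenance id, a change to `main.c` changes the identity of everything downstream, while a repeat build with identical inputs runs nothing.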

1 comments

Bazel is part of the story of how Google manages provenance for build artifacts (https://cloud.google.com/security/binary-authorization-for-b...)
This is not entirely correct. It's not Bazel but "build system very similar to Bazel" (from your source), and that's, I guess, their internal Blaze tool.

I wonder what's the real usage of Bazel (not Blaze) in Google.

According to this comment [0] by laurentlb (one of the people working on Bazel who also commented in this post) from a year ago, Blaze is just Bazel but with integrations to Google-internal tools.

[0] https://news.ycombinator.com/item?id=18823546