work in progress

src/thesis/2-reproducibility.typ

@@ -1483,23 +1483,23 @@ result, uncontrolled changes to dependencies may also lead to inconsistencies in
 software behaviour, or have a impact on the security level, undermining
 reproducibility​.
 
-To mitigate these issues, *immutable* environments have gained popularity.
-Tools such as Docker provide mechanisms to encapsulate software and its
-dependencies in containers, thus creating environments that remain unchanged
-after creation. Once a container is built, it can be shared and executed across
-different systems with the guarantee that it will function identically, given
-the same hardwar environment. This characteristic makes containers highly
-suitable for distributing software.
+To mitigate these issues, #emph[immutable] environments have gained popularity.
+Tools such as Docker #cite(<docker>,form:"normal") provide mechanisms to
+encapsulate software and their dependencies in containers, thus creating
+environments that remain unchanged after creation. Once a container is built, it
+can be shared and executed across different systems with the guarantee that it
+will function identically, given the same environment. This characteristic makes
+containers highly suitable for distributing software.
 
 Despite the advantages of immutability, it does not guarantee reproducibility.
 For instance, container images hosted on platforms like Docker Hub
 #cite(<dockerhub>,form:"normal"), including popular language interpreters
 #eg[Python, NodeJS, PHP], may not be reproducible due to non-deterministic
 steps during the image creation. A specific example can be found in
 #ref(<python-dockerfile>), which runs `apt-get update` at line 4 as part of the
-image build process. Since `apt-get` pulls the latest version of package lists
-at build-time, it is impossible to reproduce the same image later, compromising
-Docker's build-time reproducibility.
+image build process. Since `apt-get` pulls the latest version of package index
+during its creation, it is impossible to build again the same image later,
+compromising Docker's build-time reproducibility.
 
 #figure(
   sourcefile(
@@ -1538,8 +1538,9 @@ potential for reproducibility at run-time.
 
   However, the term "official" can be misleading. One might suggest that these
   images are maintained by the original software's developers, but it's not
-  always the case. For example, the PHP Docker image is not maintained by the
-  core PHP development team. This means updates or fixes may not be as prompt or
+  always the case. For example, the PHP Docker image
+  #cite(<dockerhubphpimage>,form:"normal") is not maintained by the core PHP
+  development team. This means updates or fixes may not be as prompt or
   specific as if the software’s developers maintained the image.
 
   While Docker vets these images for quality, responsibility for the contents

src/thesis/literature.bib

@@ -1074,3 +1074,10 @@ @misc{dockerofficialimages
   year   = 2024,
   url    = {https://github.com/docker-library/official-images/blob/6b4803e65a2c56f15b91f8a11bd90f0bcb756c1c/README.md#what-are-official-images},
 }
+
+@misc{dockerhubphpimage,
+  title  = {Docker PHP images},
+  author = {{Docker, Inc.}},
+  year   = 2013,
+  url    = {https://hub.docker.com/_/php/}
+}