Secure boot signing infrastructure - feedback request
Julien Cristau
jcristau at debian.org
Mon Oct 9 16:47:34 UTC 2017
On Mon, Oct 9, 2017 at 17:38:56 +0100, Steve McIntyre wrote:
> On Mon, Oct 09, 2017 at 02:01:15PM +0100, Ben Hutchings wrote:
> >It also makes all these packages unreproducible, which is a policy
> >violation.
>
> Surely *anything* with a signature is going to be unreproducible
> directly, by definition. To check for reproducibility, you'll need to
> strip the signatures. Or are you claiming something else?
>
No, the previous scheme allowed reproducibility (in the
"dpkg-buildpackage from the source package results in the exact same
.deb files" sense), since the signatures were shipped as part of a
source package. Attaching fixed signatures to fixed binaries is
reproducible.
Cheers,
Julien