[Pkg-openssl-devel] Bug#1009934:

James Addison jay at jp-hosting.net
Sun Mar 31 23:17:33 BST 2024


Control: severity -1 wishlist

Dear Maintainer,

Currently, Debian's buildd and also the Reproducible Builds team's testing
infrastructure[1] both use a fixed build path when building binary packages.

This means that your package will pass current reproducibility tests; however
we believe that varying the build path still produces undesirable changes in
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.

As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].

You can use the 'reprotest' package build utility - either locally, or as
provided in Debian's Salsa continuous integration pipelines - to assist
uncovering reproducibility failures due build-path variance.

For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/

Thanks,
James

[1] - https://tests.reproducible-builds.org/debian/reproducible.html

[2] - https://www.debian.org/Bugs/Developer#severities



More information about the Pkg-openssl-devel mailing list