[Reproducible-builds] don't panic? or: inform d-d-a

Sun Feb 8 12:43:18 UTC 2015

Hi,

Quoting Holger Levsen (2015-02-08 12:48:51)
> So I think we should do a post to debian-devel-announce soonish to formalize 
> announce (and discuss) this mass bug filing but also and foremost announce the 
> huge progresses we made.

I think this intention of the mail should be made more clear in the first
paragraph.

> The following is a suggestion which I'm not entirely happy with, feedback
> much welcome. I think we should probably move this to etherpad/gobby and
> fisnih/rewrite it collaborativly there.

Here some comments by mail. I'm no native english speaker so take some
suggestions with care :)

> Subject: Reproducible Builds - a proof of concept showing 83% success currently

Subject: Reproducible Builds - a proof of concept currently showing 83% success

sounds more natural to my ears but that might just be me.

> this is ment

s/ment/meant/

> as a short pointer to the "Reproducible Builds" project as 
> described in detail on https://wiki.debian.org/ReproducibleBuilds - in short, 
> reproducible builds are about enabling everyone to confirm independently that 
> a given binary .deb was build from a specified source .dsc.

Maybe rewrite this paragraph into one that better summarizes the intent of this
announcement like:

   We would like to announce the latest progress of the "Reproducible Builds"
   project as described in detail on https://wiki.debian.org/ReproducibleBuilds
   [...]

> We have been making many great progresses recently,

Using "progress" as if it was countable is kinda weird. "We have been making
much great progress recently" sounds better.

> as you might have heard at the last FOSDEM. A summary is available in
> interview form at https://fosdem.org/2015/interviews/2015-holger-levsen/ -
> this interview was team work, even though it doesn't look like ;-)

The "as you might've heard" is superfluous and you might write: "A summary of
the interview we gave at FOSDEM 2015 is available at  [...]"

> If you look at the second graph in
> https://reproducible.debian.net/reproducible.html

Maybe link to the image directly as you did in this email? I found this easier
to follow than clicking that link and then scrolling first. Unfortunately there
is no id attribute in the html that would allow linking directly to the
position on the page.

> you will also see that we have been filing a large amount of (wishlist) bugs
> (each with a patch) recently,

Maybe it would be nice to actually give a number here.

I found the number using this:

for f in toolchain infrastructure timestamps fileordering buildpath username hostname uname randomness cpu buildinfo; do bts select tag:$f users:reproducible-builds at lists.alioth.debian.org; done | sort -u | wc -l

maybe there's a better or more correct way to find out.

> which could be seen as unannounced mass bug filing, if it werent for
> announcements and discussions at FOSDEM14+15 and DebConf14.
> 
> You might also have noticed that reproducible builds have been integrated into 
> tracker.d.o, the Debian Developer's Package Overview (DDPO) and the Debian 
> Maintainer Dashboard (DMD).

I actually didn't notice all of these so I would've appreciated with a tad more
information of what changed:

   Reproducible builds have been integrated into

     * tracker.d.o: for unreproducible packages in the "links" box under
       "buildd"
     * Debian Developer's Package Overview (DDPO): a column "Rep" which is
       shared with the column for "CI" will show unreproducibility or FTBTFS
     * Debian Maintainer Dashboard (DMD): the table "Quality Assurance Checks"
       got a new column "reproducible"

This way, the information is also more structured than all in a single
paragraph.

> Currently reproducible builds for Debian are still in the phase where we are
> investigating the best approach. If you are interested to help, please start
> by reading https://wiki.debian.org/ReproducibleBuilds/Contribute

The ReproducibleBuilds/Contribute page does not say anything about the current
approach or problems with it or what was tried or directly where improvement is
needed - so what is the connection for it to be in the same paragraph? In any
case I'd like to expand on the "best approach" idea more, either by giving the
right resource listing the current or other possible approaches or by giving a
short list of open questions and doubts.

For example, guillem mentioned some drawbacks of reproducible builds and I
think it would be good to not loose them to find the "best approach".

> Once jessie is released we plan to make reproducible builds a proper release
> goal for stretch, but we would like to postpone *this* discussion until
> jessie is out for real.

Could somebody clarify the release goals for me? I didn't see any for Jessie
but maybe they were never discussed on debian-devel. I see the call for release
goals:

https://lists.debian.org/debian-devel-announce/2013/09/msg00001.html

I see the announcement of processing the release goals:

https://lists.debian.org/debian-devel-announce/2013/10/msg00004.html

And I see a list of them in the wiki:

https://wiki.debian.org/ReleaseGoals/

And I can also see that only a single release goal was reached for wheezy. So
how important are release goals if only one got reached for the last release
and is there a list of approved Jessie release goals anymore?

Even for the Jessie release goal proposals like CrossToolchains and
CrossBuildableBase, I never saw these as arguments to make some bugs of higher
priority than they otherwise would be during this release cycle - and there was
lots of controversy about bugs involving these topics going on...

To me it seems as if the idea of release goals just silently got dropped at
some point.

> That said, we welcome you to discuss the project now by following up to
> debian-devel at lists.debian.org, just please keep reproducible-
> builds at lists.alioth.debian.org cc:ed for those who are not subscribed to
> devel.
> 
> 
> yours sincerely,
>   $list_of_names / the Debian reproducible builds team

Thanks!

cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150208/ab22a3ee/attachment.sig>