[Reproducible-builds] [Reproducible-commits] [notes] 01/01: Remove packages that were built reproducibly.

Jérémy Bobbio lunar at debian.org
Fri Jun 12 14:13:47 UTC 2015


Esa Peuha:
> On Fri, Jun 12, 2015 at 3:59 PM, Holger Levsen <holger at layer-acht.org> wrote:
> > On Freitag, 12. Juni 2015, Esa Peuha wrote:
> >
> >> -akuma:
> >> -  version: 1.9-1
> >> -  comments: |
> >> -    it builds fine on jenkins.d.n, but when building locally it embeds the
> >> username into the manifest file -    unclear, why this is hidden on
> >> jenkins.d.n
> >> -  issues:
> >> -    - user_in_java_jar_manifest
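Review bot: The removed `comments` field for akuma 1.9-1 says the package builds fine on jenkins.d.n but embeds the username into the manifest file when built locally, so deleting the whole entry also drops the only record of the `user_in_java_jar_manifest` issue for local builds. Suggest keeping the entry, or at least the issue tag and comment, until a local build confirms the username no longer ends up in the manifest.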
> >
> > did you confirm this ain't the case anymore or did you blindly remove this
> > package?
> 
> Sorry, I must have missed that comment. Feel free to put it back if you
> think it should be preserved, but maybe we should just explicitly state
> that any claim about building packages reproducibly is strictly about
> building them on jenkins, and building them anywhere else may not be
> reproducible; that is really all that the automated checking can do,
> whether we say so or not. If we do say so, then I don't see much point
> in having comments about building a package somewhere else.

Jenkins is our current testbed. But we want anyone to be able to
reproduce the build anywhere. We are not there yet, but it's getting
closer. The main blockers, probably in order:

 * Teach dak what to do with .buildinfo (#763822)
 * Get dpkg-genbuildinfo in dpkg
 * Have .buildinfo stored on the mirrors
 * Add srebuild to the sbuild package (#774415)

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   