[Reproducible-builds] .buildinfo should contain source hashes (as well as binary hashes)
Johannes Schauer
josch at debian.org
Sun Sep 20 17:22:19 UTC 2015
Hi,
Quoting Ximin Luo (2015-09-20 18:49:16)
> Currently, to run a DDC test, we would have to read the buildinfo file, find
> the hashes of the binary build-deps, lookup the source packages that
> corresponds to these hashes, find a different binary build-deps for these
> hashes, and run our DDC-checker. This takes many round trips, and contacting
> external infrastructure that isn't necessary.
>
> If .buildinfo files contained source hashes, the DDC-checker could work more
> directly, without requiring a remote repository of source hash <-> binary
> hash mappings.
which packages would benefit from this?
Clearly, a DDC check of C compilers like gcc and clang would benefit from this.
Is there any other language where the compiler is written in the same language
that it compiles and where there exist more than one compiler that has enough
features to compile it?
Otherwise, I'd say that your argument is quite weak because it only would make
checking of two packages in Debian easier (gcc and clang). And I think that
even this check would probably not need to be done than, lets say, once per
month as a jenkins job which can do the necessary mapping in a shell script.
Is there a stronger argument for storing source and binary hashes in the
buildinfo itself?
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150920/f3ee886b/attachment.sig>
More information about the Reproducible-builds
mailing list