[Reproducible-builds] notes of the meeting between some members of the release + reproducible builds teams

Holger Levsen holger at layer-acht.org
Sun Nov 8 13:46:36 UTC 2015


at the Mini-DebConf in Cambridge Chris Lamb and myself gave a talk titled 
"beyond reproducible builds", about the steps needed to happen once we 
achieved being able to do reproducible builds of the Debian archive.

The full slides are available at 
http://layer-acht.org/2015-11-08-MiniDebConfCambridge.pdf now and the video 
should hopefully show up on video.debian.net soon.

The relevant slide about the release process was:

 \frametitle{Debian release process}
  \item In our current design and practices, rebuilding stretch will require
  package versions which are not part of stretch.
  \item This design might put a high load on snapshot.debian.org.
  \item<2-3>{Rebuilding all of Debian a month prio the release? The release 
team probably won't like this. }
  \item<3>{So? (Self contained reproducibility should be the goal…)}

We (Chris and me) now had a small ten minute meeting with Adam Barratt, Ivo De 
Decker and Jonathan Wiltshire and these are the notes of it:

- archive rebuilds have been discussed by the release team before (="they do
  want them")
  - rebuilds are risky, OToneH - ONTotherHAND not doing this will move the
    risk to when rebuilds happen (eg security updates)
  - problem: slow archs, mips+mipsel+armel

- once we have .buildinfo file support in the archive, everything needs to be 
rebuild to get .buildinfo files for all the packages (and not just for newly 
uploaded ones)

things, we (reproducible builds team) could do:
  - constant rebuilds of other archs, so we can be sure rebuilds will work
  - compare (with diffoscope) our rebuilds with the packages in archive
  - attend the next release team meeting

things, we'd like the release team to do:
  - discuss this as a team and come to a team decision
  - put this on the agenda for the next meeting on wednesday on december 16th,
    2015, 19 UTC on #debian-release.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151108/d2b5eb90/attachment.sig>

More information about the Reproducible-builds mailing list