Moving towards a deb-buildinfo(5) Format 1.0
Guillem Jover
guillem at debian.org
Tue Nov 15 03:21:09 UTC 2016
Hi!
On Sun, 2016-11-13 at 14:21:45 +0100, Johannes Schauer wrote:
> Also see:
>
> https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles#Semantics
>
> I've heard many upstream developers who were initially very much against
> purging the timestamp when the build was done from their build artifacts
> because they valued the information of when a build was done (whatever their
> reasons are). So this information could simply be retained in that field in the
> .buildinfo file.
I've always claimed that myself, and that was one of the reasons I was
reluctant to eliminate the date from the ar containers, I guess at the
time I could not fully express concretely my gut feeling, but now I
can. :)
The build date is important, because there are actions and events that
are time-based, but are still external to the confinement of the build
environment.
Say, a disk failure corrupting data on the chroot; a broken
debootstrap creating disfunctional chroots, etc, etc. Some of those
might not be immediately visible inside the affected system. But once
known it is useful to be able to say which packages might be suspect
by matching the event date ranges. Of course if the builds end up not
matching other reproducible artifacts then those will be suspect, but
if all reproducers have built using the same external event generator
then that might be harder to see. :)
Thanks,
Guillem
More information about the Reproducible-builds
mailing list