Buildinfo in the Debian archive, updates

Holger Levsen holger at
Tue Dec 6 21:24:20 UTC 2016


On Mon, Nov 14, 2016 at 02:57:00PM +0000, Ximin Luo wrote:
> This email is a summary of some discussions that happened after the last post
> to bug #763822, plus some more of my own thoughts and reasoning on the topic.

I think that given our last mail on this bug was >4 weeks ago, it's
mostly important we reply to the bug at all now…
> I think having the Debian FTP archive distribute unsigned buildinfo files is an
> OK intermediate solution, with a few tweaks:
> 1. the hashes of the *signed* buildinfo files must be referred-to for each
>    binary package, in Packages.gz

I actually think thats too much to ask for right now. we should
*propose* this now as a 2nd step, but right now the first step should be
that those .buildinfo files are stored *at all*, for later consumption.

we "loose" .buildinfo files each day currently…

[lots of interesing and useful stuff deleted.]

Thinking again, I think we should not outline stuff for the 2nd step
right now, just the very 1st, which is saving the files at all,
somewhere on the local disk (of ftp-master.d.o).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <>

More information about the Reproducible-builds mailing list