Non-Reproducible Packaging outside distros

Emanuel Bronshtein e3amn2l at
Sun Dec 11 14:57:09 UTC 2016

Some software has packaging process that occur when distributing the software,
for example in PHPMyAdmin (PHP software) the '' script:
has reproducibility issues:
The phpmyadmin packages (in debian & other distros) are based on the above released package.
which mean that there is a spof (single points of failure) on the release manager.

related questions/suggestions:
1. how to identify software packages that depend on upstream non-reproducible packaging? (then fix the related bugs)
2. maybe elaborate more in about processes that similar to build (compile stuff) but also need to be reproducible. (in order to raise awareness)
3. It will be better to verify the upstream packaging process in the future.

More information about the Reproducible-builds mailing list