What do we really mean by "reproducible"?
Paul Sherwood
paul.sherwood at codethink.co.uk
Mon Jan 16 14:19:44 UTC 2017

On 2017-01-16 11:26, Santiago Vila wrote:
> Before I use this rationale more times in some discussions out there,
> I'd like to be sure that there is a consensus.
>
> What's the definition of reproducible? Is it more like A or more like B?
>
> A. Every time the package is attempted to build, the build succeeds,
> and the same .deb are always created.

I may be wrong, but I believe that it's not possible to guarantee that
the build succeeds every single time, even once we've locked all inputs
to be in a known state. Cosmic rays would be one potential breakage, or
corruption of a built intermediate artifact etc.

> B. Every time the build is attempted and the build succeeds, the
> same .deb are always created.

So I expect this is likely to be more viable than your A.

However, for a given set of inputs (including tooling) that are known to
create a successful build once, they should always succeed provided
there are no infrastructure glitches.

I'd also say that reproducibility shouldn't be .deb specific. Other
projects are seeking bit-for-bit reproducibility with other packaging
mechanisms. So I'd replace "the same .deb" with "the same binary
artifacts".

br
Paul