What do we really mean by "reproducible"?

Paul Sherwood paul.sherwood at codethink.co.uk
Mon Jan 16 14:19:44 UTC 2017

On 2017-01-16 11:26, Santiago Vila wrote:
> Before I use this rationale more times in some discussions out there, I'd
> like to be sure that there is a consensus.
> What's the definition of reproducible? Is it more like A or more like B?
> A. Every time the package is attempted to build, the build succeeds,
> and the same .deb are always created.

I may be wrong, but I believe that it's not possible to guarantee that 
the build succeeds every single time, even once we've locked all inputs 
to be in a known state. Cosmic rays would be one potential breakage, or 
corruption of a built intermediate artifact etc.

> B. Every time the build is attempted and the build succeeds, the
> same .deb are always created.

So I expect this is likely to be more viable than your A.

However, for a given set of inputs (including tooling) that are known to 
create a successful build once, they should always succeed provided 
there are no infrastructure glitches.

I'd also say that reproducibility shouldn't be .deb specific. Other 
projects are seeking bit-for-bit reproducibility with other packaging 
mechanisms. So I'd replace "the same .deb" with the same binary 

