would/Does it make sense to have .buildinfo feature into compiling tools as well ?
shirish शिरीष
shirishag75 at gmail.com
Tue Feb 14 18:43:55 UTC 2017
Dear all,
My idea/suggestion may be crap but still please go through it.
>From whatever little I understand of reproducible builds, one of the
basic things it tries to do is have a .buildinfo file which can be
shared with the other person so that s(he) can use the .buildinfo file
to generate the same binary and see that the checksums
(sha1sum/sha256sum) are the same.
Wouldn't you say it would also make sense to have the same/similar
feature built into compiling tools like make, cmake, premake etc. not
just for the security POV but also to figure out build failures -
What do you think ?
The best thing about the .buildinfo file is that it gives/shares all
the files needed for a build to happen, like in debian's case with
dpkg-buildpackage to generate a debian binary.
Looking forward to know what people think of the idea ?
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
More information about the Reproducible-builds
mailing list