source-only builds and .buildinfo
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jun 20 18:47:20 UTC 2017
Hi Ian--
On Tue 2017-06-20 18:10:49 +0100, Ian Jackson wrote:
> A .buildinfo file is not useful for a source-only upload which is
> veried to be identical to the intended source as present in the
> uploader's version control (eg, by the use of dgit).
>
> Therefore, dgit should not include .buildinfos in source-only uploads
> it performs. If dgit sees that a lower-layer tool like
> dpkg-buildpackage provided a .buildinfo for a source-only upload, dgit
> should strip it out of .changes.
I often do source-only uploads which include the .buildinfo.
I do source-only uploads because i don't want the binaries built on my
own personal infrastructure to reach the public. But i want to upload
the .buildinfo because i want to provide a corroboration of what i
*expect* the buildds to produce.
why wouldn't dgit take the same approach? stripping the .buildinfo from
the .changes seems like a wasted shot at a potential corroboration.
or am i misunderstanding the question here?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170620/6ef45dd6/attachment.sig>
More information about the Reproducible-builds
mailing list