source-only builds and .buildinfo

Daniel Kahn Gillmor dkg at
Tue Jun 20 18:47:20 UTC 2017

Hi Ian--

On Tue 2017-06-20 18:10:49 +0100, Ian Jackson wrote:
> A .buildinfo file is not useful for a source-only upload which is
> veried to be identical to the intended source as present in the
> uploader's version control (eg, by the use of dgit).
> Therefore, dgit should not include .buildinfos in source-only uploads
> it performs.  If dgit sees that a lower-layer tool like
> dpkg-buildpackage provided a .buildinfo for a source-only upload, dgit
> should strip it out of .changes.

I often do source-only uploads which include the .buildinfo.

I do source-only uploads because i don't want the binaries built on my
own personal infrastructure to reach the public.  But i want to upload
the .buildinfo because i want to provide a corroboration of what i
*expect* the buildds to produce.

why wouldn't dgit take the same approach?  stripping the .buildinfo from
the .changes seems like a wasted shot at a potential corroboration.
or am i misunderstanding the question here?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <>

More information about the Reproducible-builds mailing list