source-only builds and .buildinfo
Adrian Bunk
bunk at debian.org
Wed Jun 21 08:34:17 UTC 2017
On Tue, Jun 20, 2017 at 02:47:20PM -0400, Daniel Kahn Gillmor wrote:
> Hi Ian--
>
> On Tue 2017-06-20 18:10:49 +0100, Ian Jackson wrote:
> > A .buildinfo file is not useful for a source-only upload which is
> > veried to be identical to the intended source as present in the
> > uploader's version control (eg, by the use of dgit).
> >
> > Therefore, dgit should not include .buildinfos in source-only uploads
> > it performs. If dgit sees that a lower-layer tool like
> > dpkg-buildpackage provided a .buildinfo for a source-only upload, dgit
> > should strip it out of .changes.
>
> I often do source-only uploads which include the .buildinfo.
>
> I do source-only uploads because i don't want the binaries built on my
> own personal infrastructure to reach the public. But i want to upload
> the .buildinfo because i want to provide a corroboration of what i
> *expect* the buildds to produce.
>...
If you expect that, then your expectation is incorrect.
If you upload a package right now, chances are the buildds will use both
older versions of some packages [1] and more recent versions of some
other packages [2] than what you used.
> --dkg
cu
Adrian
[1] buildd chroots are regenerated twice per week and not updated
prior to each build
[2] some packages might already have been updated compared to what
you used
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the Reproducible-builds
mailing list