source-only builds and .buildinfo
bunk at debian.org
Wed Jun 21 08:34:17 UTC 2017
On Tue, Jun 20, 2017 at 02:47:20PM -0400, Daniel Kahn Gillmor wrote:
> Hi Ian--
> On Tue 2017-06-20 18:10:49 +0100, Ian Jackson wrote:
> > A .buildinfo file is not useful for a source-only upload which is
> > veried to be identical to the intended source as present in the
> > uploader's version control (eg, by the use of dgit).
> > Therefore, dgit should not include .buildinfos in source-only uploads
> > it performs. If dgit sees that a lower-layer tool like
> > dpkg-buildpackage provided a .buildinfo for a source-only upload, dgit
> > should strip it out of .changes.
> I often do source-only uploads which include the .buildinfo.
> I do source-only uploads because i don't want the binaries built on my
> own personal infrastructure to reach the public. But i want to upload
> the .buildinfo because i want to provide a corroboration of what i
> *expect* the buildds to produce.
If you expect that, then your expectation is incorrect.
If you upload a package right now, chances are the buildds will use both
older versions of some packages  and more recent versions of some
other packages  than what you used.
 buildd chroots are regenerated twice per week and not updated
prior to each build
 some packages might already have been updated compared to what
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the Reproducible-builds