Status update from the Reproducible Builds project

Adrian Bunk bunk at debian.org
Mon Jul 24 21:08:21 UTC 2017


>...
> Debian Policy
> =============
> 
> We are in the process of making reproducibility of packages something
> properly documented in policy.  Writing patches for policy is not easy,
> so we welcome input from everyone to be able to better consider all the
> needed facets.  See bug #844431 [16] for it.
> Also, we wish to remind everyone that Debian Policy aims at documenting
> current practices, it's not a "stick" to impose new rules.  That said,
> we believe reproducible builds to be among the best practices today.
>...

If it could be interpreted in the future to include things that are
not current practice today, it would be a stick to impose new rules.

The main problem is the lack of an exact definition what
"packages build in a reproducible manner" includes, and what not.

Bill already explained that "it is possible to reproduce" is a much 
easier problem to solve than "it will always be reproduced".

I would suggest a top-down approach to that:

What are the high-level guarantees reproducible builds plans to make 
for all packages in buster?

What exactly is required from every single package for that,
and also realistic to achieve for buster?

Once you have these plus a list of all remaining bugs, you can
go to the release team asking whether these can be considered
as release critical for buster.

At that point documenting this status quo for policy should
be straightforward.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed




More information about the Reproducible-builds mailing list