Bug#844431: Reproducibility in Policy
Holger Levsen
holger at layer-acht.org
Sat Aug 12 21:40:27 UTC 2017
On Fri, Aug 11, 2017 at 08:35:47PM -0700, Russ Allbery wrote:
> Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> > I don't like the idea of hard-coding a fixed build path requirement into
> > debian policy.
I don't *like* it either, but I think it's the sensible thing to do now.
> > We're over 80% with variable build paths in unstable
> > already, and I want to keep the pressure up on this. The build location
> > should not influence the binary output.
I'd like to keep the pressure on this, and I think we can still do that
while OTOH also trying to get closer to 100% first+too.
With build path variation, reaching the worthwhile goal of having >98% reproducible
builds will be delayed by 1-2 years at least, so this is a classic "perfect is the
enemy of good". I don't do reproducible builds for purely academic reasons,
I foremost want them to increase the security of user systems.
> It shouldn't, but my understanding is that it currently does. If you can
> fix that, that's great, but until that's been fixed, I don't see the harm
> in documenting this as a prerequisite for a reproducible build. If we can
> relax that prerequisite later, great, but nothing about listing it here
> should reduce the pressure on making variable build paths work. It just
> documents the current state of the world.
exactly.
--
cheers,
Holger