Bug#873937: dpkg: should include information about the used kernel in .buildinfo files

Guillem Jover guillem at debian.org
Sun Sep 10 14:35:31 UTC 2017


On Wed, 2017-09-06 at 19:18:33 -0700, Vagrant Cascadian wrote:
> On 2017-09-02, Holger Levsen wrote:
> > On Fri, Sep 01, 2017 at 04:51:55PM +0200, Guillem Jover wrote:
> > > In addition to the above, I'm actually somewhat uncomfortable with this
> > > request, as it looks like a massive privacy leak. Compared to package
> > > lists and versions, which are actually requested by the package being
> > > built and might not have anything to do with the main system this
> > > build was being run on (say a chroot for example), or might get deleted
> > > immediately after the build. The kernel tends to be a system-wide
> > > resource, that even if upgraded does not mean it will be running (until
> > > a reboot).
> >
> > on reflection I agree that the privacy implications are too bad.
> The including the build path also has privacy implications, but it can
> be disabled from inclusion in .buildinfo, no?  What about including the
> kernel if something like DEB_BUILD_OPTS="buildinfo=+kernel" ?

Ah good point, yeah, I have no problem with adding this as an option
that is disabled by default. Attached a tentative patch doing that.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dpkg-genbuildinfo-Add-a-new-Build-Kernel-Version-fie.patch
Type: text/x-diff
Size: 4608 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170910/bf8f13c3/attachment.patch>

More information about the Reproducible-builds mailing list