distributing .buildinfo files (Re: Bad interaction between pbuilder/debhelper/dpkg-buildinfo/dpkg-genchanges and dak on security-master)
Holger Levsen
holger at layer-acht.org
Sat Apr 21 20:16:35 BST 2018
On Thu, Apr 05, 2018 at 10:43:04AM +0200, Philipp Kern wrote:
> So what would be needed to make at least a simple export of the data
> happen? I think the requirements I'd have are these:
that's a good question! :)
maybe we can sit together with some ftp-team and reproducible builds
folks in Hamburg and finalize the design and implement it?
> * Data is sufficiently fresh and optimally accessible before the mirror
> pulse happens so that you can always fetch the corresponding buildinfo
> for a newly pushed package.
> * Some way of actually deducing the path to the buildinfo file, either
> through some sort of redirector or by naming the files in a consistent
> fashion.
>
> Right now the second point does not work with the date-based farm that
> is used to archive the buildinfo files. It would work if we were to just
> apply the same splitting as in the regular pool. For the former just
> pushing the content through static.d.o should work and dak could push
> the content before pushing the mirrors?
>
> Intuitively I would not care about cryptographic authentication of the
> data. After all it can be verified by rebuilding if the package is
> reproducible.
agreed with all of these points, thanks!
--
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20180421/8a27ba8d/attachment.sig>
More information about the Reproducible-builds
mailing list