Proposal for making Multi-Arch:same binNMU-safe
Philipp Kern
pkern at debian.org
Thu Apr 16 10:21:53 BST 2026
On 4/16/26 10:43 AM, Helmut Grohne wrote:
> That is what we did for a long time. If you were to rebuild the same
> package at two different points in time with the same set of
> dependencies, that would get you different file modification times.
> Those would be recorded in data.tar and therefore the rebuilt .deb would
> differ from the earlier one. This broke reproducible builds and is what
> caused the addition of SOURCE_DATE_EPOCH. Now, dh-strip-nondeterminisim
> clamps the modification time of installed files to SOURCE_DATE_EPOCH and
> this aspect no longer causes issues to reproducible builds.
IIUC we are already doing a transformation of both packages before they
are being compared, right? Out of curiosity: How much does it actually
buy us to choose to care about the timestamps here?
Kind regards
Philipp Kern
More information about the Reproducible-builds
mailing list