Getting condor builds reproducible
Holger Levsen
holger at layer-acht.org
Mon May 25 02:07:43 BST 2026
On Sun, May 24, 2026 at 05:03:05PM -0700, Vagrant Cascadian wrote:
> I do not think it is reasonable for reproduce.debian.net to run the
> original running kernel version (E.g. running a security vulnerable
> kernel) in the build environment just to get reproducible builds...
I very much agree! :)
(I also applaud your other findings in that mail I'm replying too. They are
just not as 'simple' as this one. As if anything here would be simple.)
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
AI is for our brains what cars are for our legs. (Tomáš Peltan)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20260525/2a576395/attachment.sig>
More information about the Reproducible-builds
mailing list