[rb-general] Core Debian reproducibility: how close?
Bernhard M. Wiedemann
bernhardout at lsmod.de
Tue Oct 23 23:19:56 CEST 2018
On 23/10/2018 14.51, David A. Wheeler wrote:
> How close is the core of Debian to being reproducibly built? By
> core I mean the packages that you always have to install no matter
> what.

Coincidentally, I just answered a similar question for openSUSE:
https://lists.opensuse.org/opensuse-factory/2018-10/msg00242.html

Of 107 core devel pkgs, 4 are very bad
Of 2444 DVD pkgs, 49 are very bad
120 more have reproducibility issues that can be auto-filtered.

Not all of them are strictly required/core, but things like Firefox,
Thunderbird, libreoffice would be good to get fixed some day, too.

Usually, around 95% of packages can be built with bit-identical results.

As detailed in https://www.suse.com/c/?p=42014 I also compared
official builds with local ones and already found several bugs with
it, so reproducibility is not just theoretical.

Ciao
Bernhard M.