[rb-general] GNU coding standards discussion

Daniel Shahaf danielsh at apache.org
Sat Dec 3 14:19:10 CET 2016

Holger Levsen wrote on Sat, Dec 03, 2016 at 12:05:28 +0000:
> I think we actually agree on something, that is "compilation of the same
> source always has bit by bit identical results" so that we can check for
> reproducibility by checking for identical hashes and/or plain /usr/bin/diff
> should return "no bit difference".
> So I think we also agree that Signals "reproducible builds", which
> requires a specific tool to determine whether two builds are identical,
> are actual not Reproducible Builds according to our shared definition.

I see three tiers of reproducibility; in order:

- Bitwise identical: same length and byte-by-byte equal.

- Equal up to generic transformation: two packages are identical if
  f(alice) is bitwise identical to f(bob), for some well-known function
  f() that doesn't depend on the particular package.

  For example, a .buildinfo file could specify a list of byte offsets to
  exclude from comparison, and then the comparator would check whether
  two builds of the package are bitwise identical *except* for the bytes
  at the given offsets.  (Example: "bar" would compare equal to "baz" if
  the byte at offset 2 is ignored.)

- Package-specific tool required to determine whether two builds are

Each of these definitions implies the following ones.

I agree that we should use "bitwise identical" as the goal; but if
a particular package cannot meet that goal, then a package-agnostic
fallback sense of reproducibility would be preferable to
a package-specific one.



More information about the rb-general mailing list