[rb-general] reproducible .debs outside of the Debian archive

Jérémy Bobbio lunar at debian.org
Mon Jan 25 18:39:05 CET 2016

> reprepro unfortunately can't handle multiple version of a package in one
> repo. After a quick search it seems aptly is suitable.

reprepro has a `gensnapshot` command that might help to archive older
versions though.

> Before filling a wishlist bug, we should think about what the desired
> behavior is. Where should the .buildinfo be saved? How should they be
> indexed?

This is still pretty much in flux as we are still waiting for feedback
from the ftpmasters.

> IIRC the plan for dak was some separate tar-archive with all the
> .buildinfo files? Will it be signed?

The archive will not be signed directly, but its hash should be in the
Release file which is signed. The .buildinfo files themselves are signed
just like .dsc files.

> Is there some interface planed where I can get a single .buildinfo?

Maybe on <http://metadata.ftp-master.debian.org/>. Again, there are
still no definite answers at the moment. If you have suggestions, go

Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20160125/08a150c9/attachment.sig>

More information about the rb-general mailing list