[rb-general] lzip/plzip alternatives

Daniel Shahaf d.s at daniel.shahaf.name
Tue Apr 18 22:43:05 CEST 2017


Sylvain wrote on Tue, Apr 18, 2017 at 21:50:23 +0200:
> This means that if I produce my tarball using 'tar -c --lzip' or
> 'tar -c | lzip', depending on whether plzip is installed or not, I
> will silently get a different output.
> 
> Should I file a bug report against the plzip package?
> What severity would you recommend?

It's perfectly fine for lzip and plzip not to produce identical output
to each other; whichever of them was *actually used* by the build should
be recorded in the .buildinfo file, which would enable reproducing that
particular build.  (That's exactly analogous to a "gzip 1.3 and gzip 1.4
produce different outputs for identical inputs" situation.)

So, I don't think a bug against plzip would be warranted.  However, the
.buildinfo format should record not only the versions of lzip and plzip,
but also the value of the /usr/bin/lzip alternative.  If it doesn't,
then _this_ would be worth a wishlist bug (against dpkg, I think?).

Another thing that _would_ be worth a bug report is if the output of
lzip was non-deterministic; that is: if the value of "`echo foo | lzip
-c`" was different when computed twice, or depended on the username
/ hostname / etc (see https://tests.reproducible-builds.org/debian/index_variations.html).

> (Bonus question: is it theoretically possible to have such tools pairs
>  (gz/pigz, xz/pgz, lzip/plzip) produce the same output? :))

Theoretically?  Yes.  Whether that'd be a good idea is another question.

Cheers,

Daniel


More information about the rb-general mailing list