[rb-general] lzip/plzip alternatives
Daniel Shahaf
d.s at daniel.shahaf.name
Tue Apr 18 22:43:05 CEST 2017
Sylvain wrote on Tue, Apr 18, 2017 at 21:50:23 +0200:
> This means that if I produce my tarball using 'tar -c --lzip' or
> 'tar -c | lzip', depending on whether plzip is installed or not, I
> will silently get a different output.
>
> Should I file a bug report against the plzip package?
> What severity would you recommend?
It's perfectly fine for lzip and plzip not to produce identical output
to each other; whichever of them was *actually used* by the build should
be recorded in the .buildinfo file, which would enable reproducing that
particular build. (That's exactly analogous to a "gzip 1.3 and gzip 1.4
produce different outputs for identical inputs" situation.)
So, I don't think a bug against plzip would be warranted. However, the
.buildinfo format should record not only the versions of lzip and plzip,
but also the value of the /usr/bin/lzip alternative. If it doesn't,
then _this_ would be worth a wishlist bug (against dpkg, I think?).
Another thing that _would_ be worth a bug report is if the output of
lzip was non-deterministic; that is: if the value of "`echo foo | lzip
-c`" was different when computed twice, or depended on the username
/ hostname / etc (see https://tests.reproducible-builds.org/debian/index_variations.html).
> (Bonus question: is it theoretically possible to have such tools pairs
> (gz/pigz, xz/pgz, lzip/plzip) produce the same output? :))
Theoretically? Yes. Whether that'd be a good idea is another question.
Cheers,
Daniel
More information about the rb-general
mailing list