[rb-general] Debian Buster will only be 54% reproducible (while we could be at >90%)

Holger Levsen holger at layer-acht.org
Mon Apr 29 18:38:46 CEST 2019

On Sat, Mar 09, 2019 at 09:15:34PM +0000, Dimitri John Ledkov wrote:
[packages uploaded before December 2016, which didnt see binNMU since
then, dont have a .buildinfo file (and were built with a dpkg which
produces unreproducible packages]
> So I guess after we release buster, we should do a mass-source-nmu
> no-change uploads to make the .deb reproducible as shipped in the
> archive.


I think I first want to have the numbers right (and then current) to see
how many packages are affected.

Also: a not so low percentages of packages is still uploaded as
non-source-only upload. I *believe* this should be fine (as nowadays the
upload contains the .buildinfo file of that developer build, so if a
package is reproducible this .buildinfo file can be taken).

> Is this thus then an effectively a maas bug-file request to
> sourcefully rebuild packages?

no, at least not yet.


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20190429/da05cc8a/attachment.sig>

More information about the rb-general mailing list