[rb-general] Debian buster, 54% reproducible in practice (Re: Core Debian reproducibility: 57% and rising!)

Holger Levsen holger at layer-acht.org
Mon Mar 4 20:01:11 CET 2019


Hi John,

On Sat, Mar 02, 2019 at 02:31:41PM -0800, John Gilmore wrote:
> > Though without solving #894441 we cannot reach much higher than 80%
> > (because 93% is the current theoretic maximum, of which we need to
> > distract 12% binNMUs...)
> 
> Even without solving the general binNMU problem, can't you make more
> packages reproducible by eliminating those packages' dependencies on
> SOURCE_DATE_EPOCH?

in theory or in practice? because in theory (that is not in "pure
theory" but rather as in Debian source packages distributed from
ftp.debian.org, so just "in theory" as in people use binary packages in
practice...) we are at 93%.

also, using SOURCE_DATE_EPOCH makes software reproducible, which was
reproducible before, using build dates.

independent of that, we also have approx 380 unapplied patches, see
https://tests.reproducible-builds.org/debian/stats_bugs_sin_ftbfs_state.png
or https://tests.reproducible-builds.org/debian/index_bugs.html
but if those were applied we'd probably 'just' go from 93% to 94%.

the reason why Debian "in practice" is only at 54% is not in the source
codes, but rather in Debian's workflows and processes. Where exactly, we
still need to discover. (besides the binNMU issue, which is clear, but
only accounting for 12%...)

> (I always thought that removing the date dependencies from the source
> code was better than patching over them with this environment variable.

sure.

> The challenge is when individual maintainers refuse to make their
> packages date-independent,

actually, that's a small minority today.


-- 
tschau,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C