Evaluation of bundling .buildinfo in .deb proposal
chris at reproducible-builds.org
Tue Sep 1 16:58:03 UTC 2020
> - What was the original motivation of putting the size and checksum of the
> package into the buildinfo file? We aren't tracking this info in Arch Linux
> and it turned out we didn't need those fields to implement a rebuilder.
This was interesting to me as I think I am missing something about
your particular goals, Arch's build architecture, or Arch's approach
to Reproducible Builds.
Assuming that the purpose of a rebuilder is to independently validate
that you get the same result given some build environment (i.e. not
*simply* to rebuild, despite its name), without access to those checksums,
how do you know if the output from a rebuilder counts as "valid" or not?
(I might guess that you are getting them from somewhere else, but some
clarification might be useful here.)
> Sorry for being rather Arch-centric in this email, but I think it's a good idea
> to ensure you're familiar with how other distros solved the problem that
> Debian has been facing for a few years.
Nothing to apologise for. However, as I alluded to above, it may be
that Debian has different goals, rather than this being Debian being
obstinate and unwilling to look at other distributions' solutions, as
you may have inadvertently been implying.
⬋ ⬊ Chris Lamb
o o reproducible-builds.org 💠