citests vs. (verification |re)builds

Vagrant Cascadian vagrant at reproducible-builds.org
Tue Nov 15 01:03:05 UTC 2022


On 2022-11-13, Vagrant Cascadian wrote:
> On 2022-11-13, kpcyrd at archlinux.org wrote:
>> On 11/13/22 22:59, Vagrant Cascadian wrote:
>> They both serve different purposes, Build Environment Fuzzing helps 
>> detect issues before they show up during Verification Builds but can 
>> also mislead, if you already have a diverse set of Verification Builders 
>> and they never run into the issue, is there an issue to begin with?
>
> With normalized build environments, this is significantly less of an
> issue... so I can see what you are getting at!
>
> Here are some other angles to consider...
>
> Doing two consecutive builds and comparing them is really helpful to see
> if toolchain fixes actually worked or not, without re-uploading all the
> packages to the "official" archive; doing verification builds would
> necessarily use the unfixed toolchains of the original .buildinfo file.

It also just occured to me the importants of regression testing to see
if toolchain updates break reproducibility... perhaps even more
important that checking for fixes.


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20221114/6e94f386/attachment.sig>


More information about the rb-general mailing list