Two questions about build-path reproducibility in Debian

Mon Mar 4 20:37:06 UTC 2024

On Mon, Mar 04, 2024 at 11:52:07AM -0800, John Gilmore wrote:
> Why would these become "wishlist" bugs as opposed to actual reproducibility bugs
> that deserve fixing, just because one server at Debian no longer invokes this
> bug because it always uses the same build directory?

because it's "not one server at Debian" but what many ecosystems do: build in an
deterministic path (eg /$pkg/$version or whatever) or record the path as part
of the build environment, to have it deterministic as well.

in the distant past, before namespacing become popular, using a random path
was a solution to allow parallel builds of the same software & version.

and yes, this is a shortcut and a tradeoff, similar to demanding to build 
in a certain locale. also it makes reproducibilty from around 80-85% of all 
packages to >95%, IOW with this shortcut we can have meaningful reproducibility
*many years* sooner, than without.

and I'd really rather like to see Debian 100% reproducible in 2030, than in 2038.
and some subsets today, or much sooner.

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Homophobia is a sin against god.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20240304/bf7a11c6/attachment.sig>