Two questions about build-path reproducibility in Debian
James Addison
jay at jp-hosting.net
Mon Mar 11 18:24:22 UTC 2024
Hi folks,
On Wed, 6 Mar 2024 at 01:04, James Addison <jay at jp-hosting.net> wrote:
> [ ... snip ...]
>
> The Debian bug severity descriptions[1] provide some more nuance, and that
> reassures me that wishlist should be appropriate for most of these bugs
> (although I'll inspect their contents before making any changes).
Please find below a draft of the message I'll send to each affected bugreport.
Note: I confused myself when writing this; in fact Salsa-CI reprotest _does_
continue to test build-path variance, at least until we decide otherwise.
--- BEGIN DRAFT ---
Because Debian builds packages from a fixed build path, customized build paths
are _not_ currently evaluated by the 'reprotest' utility in Salsa-CI, or during
package builds on the Reproducible Builds team's package test infrastructure
for Debian[1].
This means that this package will pass current reproducibility tests; however
we still believe that source code and/or build steps embed the build path into
binary package output, making it more difficult that necessary for independent
consumers to confirm whether their local compilations produce identical binary
artifacts.
As a result, this bugreport will remain open and be assigned the 'wishlist'
severity[2].
...
[1] - https://tests.reproducible-builds.org/debian/reproducible.html
[2] - https://www.debian.org/Bugs/Developer#severities
--- END DRAFT ---
More information about the rb-general
mailing list