Irregular status update about reproducible Debian live ISO images

[Ian Kelling]

Ian Kelling <iank at fsf.org> writes:

> On Wed, Mar 19, 2025 at 06:20:31PM +0100, Roland Clobus wrote:
>> Single line summary: 100% reproducible live images for bookworm
>
> Unfortunately, this isn't quite right.

It turns out that I was wrong and misunderstood. When I read that the
live image was 100% reproducible, I thought: well, live images are
mainly just #1: a set of packages to install #2, a OS filesystem (which
is mainly just installed packages). So, I assumed that calling the live
image 100% reproducible would mean that the packages would be
reproducible. But, now I realize that from a technical perspective,
since building all or almost all of the included packages is not part of
the image build process, it makes sense to say an image is reproducible
without the assumption that it refers to the packages being
reproducible. To refer to the reproducibility of the image plus its
packages, you just have to say something like that.

Perhaps this will help other people who have the same misunderstanding.

On the other hand, when referring to building of Debian packages
themselves, if a package includes a binary that was built separately and
not reproducibly, I don't think it makes sense to call that package
reproducible unless you somehow indicate that the reproducible part does
not include building from source code, because usually, that is what is
being talked about.

-- 
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org