Re: Architecture independent binaries and building from source
debsums does not exist on non-Debian systems. md5sum can quickly and
easily show that my BSD system and my Debian system are running the
same version of a Java library if both are distributed with upstream's
architecture independent binary.
As a rule, we don't regenerate all files from source. We don't
generally, for example, regenerate configure (using autoconf) from
configure.ac even though it is possible. No one can sensibly suggest
that a shell script of twenty thousand lines is in source form. I
don't find it necessary to compulsively regenerate configure scripts.
I, likewise, don't find it necessary to regenerate architecture
independent binary distributions.
> The point of building from sources is to make sure that the binary is
> the result of building the given source. Anyway, I don't think your
> argument holds too much water. Anyone can just use `debsums` to check
> the entire system, including your package, with md5 hash.
> >If a package includes source as well as a platform independent binary
> >(any byte-code for example), is it *required* (i.e. policy MUST) that
> >the binary be rebuilt from source? To be DFSG free it certainly must
> >be possible to rebuild it from source.
> >My inclination is not to rebuild the binary. If possible I'd prefer to
> >redistribute a binary that is byte-for-byte identical with upstream's.
> >This, for example, allows a simple md5sum to show that two hosts have
> >identical versions of this software.
> >If rebuilding a platform independent binary from source is a policy
> >requirement, I'd appreciate a pointer to the relevant text.