Re: Building packages three times in a row
Martin Uecker <firstname.lastname@example.org> writes:
> Patrick Winnertz wrote:
>> On Tuesday, 18 September 2007 21:12:44, Julien Cristau wrote:
>> > > Hmmhh, what do you do about programs etc that encode the build-time in
>> > > the binary? I mean they obviously will change between builds?
>> > Hopefully they don't encode the build-time in the file list?
>> We checked not for files which differ, but only for files which are missing
>> in the first package, or which are missing in the second package.
> I think it would be really cool if the Debian policy required
> that packages could be rebuilt bit-identical from source.
> At the moment, it is impossible to independently verify the
> integrity of binary packages.
Some tools use randomization to get out of worst case situations or
general optimization. For example when you look for an optimal
allocation of register usage you can do a search by picking a random
register allocation and repeat that a few thousand times to find a
suitable minimum. Or a randomized heap that gives you O(1) time for
all operations instead of O(lg n).
By requiring bit-to-bit identical results you eliminate all such
randomness and could seriously hinder the algorithm available for
Plus any bugfix in a tool will likely break it anyway as mentioned in