Re: Building packages three times in a row

[Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>]

Martin Uecker <muecker@gmx.de> writes:

> Patrick Winnertz wrote:
>> Am Dienstag, 18. September 2007 21:12:44 schrieb Julien Cristau:
>> > > Hmmhh, what do you do about programs etc that encode the build-time in
>> > > the binary? I mean they obviously will change between builds?
>> >
>> > Hopefully they don't encode the build-time in the file list?
>> We checked not for files which differ, but only for files which are missing 
>> in the first package. or which are missing in the second package.
>>
>
> I think it would be really cool if the Debian policy required
> that packages could be rebuild bit-identical from source. 
> At the moment, it is impossible to independly verify the
> integricity of binary packages.
>
>
> Greetings,
> Martin

Some tools use randomization to get out of worst case situations or
general optimization. For example when you look for an optimal
allocation of register usage you can do a search by picking a random
register allocation and repeat that a few thousand times to find a
suitable minimum. Or a randomized heap that gives you O(1) time for
all operations instead of O(lg n).

By requiring bit-to-bit identical results you eliminate all such
randomness and could seriously hinder the algorithm available for
tools.

Plus any bugfix in a tool will likely break it anyway as mentioned in
other mails.

MfG
        Goswin