
Re: Raising the severity of reproducibility issues to "important"



On Fri, 01 Sep 2017 at 09:40:25 +0000, Holger Levsen wrote:
> On Fri, Sep 01, 2017 at 09:26:44AM +0300, Adrian Bunk wrote:
> > AFAIK the only place where we currently still need binary packages that 
> > have been built on a maintainer machine is for [...]
>  
> the fun part is that once a package builds bit by bit identically, it doesn't
> matter anymore where it's been built…! :-)

The problem with maintainer-built binaries around NEW is that if they
wait in the NEW queue for (let's say) 1 month, then by the time they
reach the archive, they were built with a 1 month old toolchain and
build-dependencies, not an up-to-date toolchain and dependencies.
Reproducible builds don't help with this, because a package can
typically only be reproducible when holding the toolchain and
dependencies constant.

    S

