[ Just few comments to complement josch's veyr nice reply, with which I
completely agree with. ]
On Thu, 2018-01-11 at 00:47:28 +0100, Johannes Schauer wrote:
Quoting Steve Langasek (2018-01-10 21:49:02)
> As a policy, I think it's clear that packages built with non-default profiles
> should never be included in the Debian archive;
Why? By enforcing (via a policy and checkable via reproducible builds)
that the
binary packages that are being built with one (possibly empty) set of
build
profiles active are bit-by-bit identical to those built with a
different set of
build profiles active, it doesn't matter whether a given binary
package was
built with either set.
Yes, and in addition this information is recorded in both .changes
and .buildinfo files. I was initially among the ones wanting this
information in the .debs to be able to trace it, but the need
disappeared when we introduced .buildinfo files, because then we've
got the upload specific recording for the archive processor (.changes),
and the supposedly public facing record of what was done during the
build (.buildinfo), although the later can never be fully trusted
anyway. :)