Re: tag2upload service architecture and risk assessment - draft v2



On Wed, Aug 28, 2019 at 05:07:00PM +0100, Ian Jackson wrote:
> In my proposal the source package is reproducible (in the
> "reproducible builds" sense) from the uploader's signed git tag.  
 
i'm confused. 'reproducible builds' is about creating bit by bit
identical binaries from a given source.

if you are talking about re-creating bit by bit identical source
packages, that's fine, but nothing within the scope of reproducible
builds.

also, as a side note, we have tried to reproduce bit by bit identical
source packages, failed and moved on. it didn't seem trivial when we
tried.


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
