[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFC] Proposal for new source format

On Tue, 2019-10-22 at 16:52 -0700, Russ Allbery wrote:
> That seems excessively pessimistic.  What about Git makes you think
> it's impossible to create a reproducible source package?

Has it been done?  Given this point has been raised several times
before if it hasn't been done by now I think it's reasonable to assume
it's difficult, and thinking that it's so is not excessively

I personally wonder how the mirrors are expected to handle .git
repositories.  That would increase the number of files they have to
handle by a couple of orders of magnitude.  What are the plans for
that?  Maybe you think that can handle it?  Maybe you plan to abandon
the mirror network in favour of something else like the CDN?  Maybe
you plan to remove the source from the mirrors?

Finally, there are more consumers of the source format than the Debian
packagers.  For example, I regularly download Debian source packages
just to figure why the hell something isn't working as I expect.  When
I do that, there are two things that are important to me:

1.  The download is as small as possible, and doesn't require a
    specialised tool.  (Github and gitlab go to the trouble of 
    providing just such as thing, which I think is evidence it's
    needed.)  The current format is pretty good in this area.  At
    a pinch you can get away without using deb-source to unpack it. 

2.  The point that has been raised here - reproducible builds of the
    source package.  By that I mean a reproducible build should be
    pure function that is given the upstream source package and some
    data in the form of patches or whatever, and ends up with the
    source and build instructions.  Being a pure function it always
    produces the same outputs give the same inputs.

    Unfortunately Debian doesn't always do a good job of this 
    currently, albeit for good reasons - we can't distribute the 
    upstream source package so DD's rebuild it, but they are allowed
    to do so in any way they please.

Any source format that handled the issues above would get the thumbs up
from me.  (Interestingly despite the hairs it has in other areas the
rpm source format have always done well on those issues.) 
Unfortunately Bastian's proposal doesn't address them directly.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: