
Re: Moving towards a deb-buildinfo(5) Format 1.0



On Mon, Nov 14, 2016 at 05:44:22AM +0900, Daniel Kahn Gillmor wrote:
> >> Multiple builds of the same source package will set SOURCE_DATE_EPOCH to
> >> the same value but will result in a different Build-Date.
> It is definitely not what most of us initially expected, but it is
> actually what we want.
[...] 
> In short, we *want* buildinfos to vary, while we want the generated
> binary artifacts to be reproducible.

well. our reasoning a year ago for identical buildinfo files (for
different builds of the same package) was the idea, that multiple people
could sign these buildinfo files to confirm they could reproduce these
builds.

having different buildinfo files to confirm identical builds makes
confirming a bit harder.

OTOH this will save us from dealing with detached signatures as all
buildinfo files can just be signed inline.


-- 
cheers,
	Holger
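
The trade-off discussed above, as an added example that is not part of the original message: when buildinfo files legitimately differ (for instance in Build-Date), confirming a reproduction means comparing the recorded artifact checksums rather than the files themselves. The package name, dates and hashes are constructed, and each body is assumed to have had its inline signature verified and stripped already.

```python
def parse_fields(text):
    """Parse one deb822-style paragraph into {field: value}."""
    fields, current = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and current:
            fields[current] += "\n" + line.strip()   # continuation line
        elif ":" in line:
            current, _, value = line.partition(":")
            fields[current] = value.strip()
    return fields


def artifact_hashes(text):
    """Return {filename: (sha256, size)} from the Checksums-Sha256 field."""
    hashes = {}
    for entry in parse_fields(text).get("Checksums-Sha256", "").splitlines():
        if entry:
            digest, size, name = entry.split()
            hashes[name] = (digest, int(size))
    return hashes


def same_artifacts(a, b):
    """True if both buildinfos attest identical binaries for the same source."""
    fa, fb = parse_fields(a), parse_fields(b)
    if any(fa.get(k) != fb.get(k) for k in ("Source", "Version")):
        return False
    ha, hb = artifact_hashes(a), artifact_hashes(b)
    return bool(ha) and ha == hb   # an empty checksum list confirms nothing


def sample(build_date, digest):
    """Constructed buildinfo body; package, dates and hashes are made up."""
    return (
        "Format: 1.0\nSource: hello\nVersion: 1.0-1\n"
        f"Build-Date: {build_date}\n"
        f"Checksums-Sha256:\n {digest} 1234 hello_1.0-1_amd64.deb\n"
    )


BUILDER_A = sample("Mon, 14 Nov 2016 10:00:00 +0000", "a" * 64)
BUILDER_B = sample("Tue, 15 Nov 2016 08:30:00 +0000", "a" * 64)
BUILDER_C = sample("Tue, 15 Nov 2016 09:00:00 +0000", "b" * 64)

if __name__ == "__main__":
    print("files identical:", BUILDER_A == BUILDER_B)
    print("A and B agree:", same_artifacts(BUILDER_A, BUILDER_B))
    print("A and C agree:", same_artifacts(BUILDER_A, BUILDER_C))
```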
