On Mon, Nov 14, 2016 at 05:44:22AM +0900, Daniel Kahn Gillmor wrote:
> >> Multiple builds of the same source package will set SOURCE_DATE_EPOCH to
> >> the same value but will result in a different Build-Date.
>
> It is definitely not what most of us initially expected, but it is
> actually what we want.
[...]
> In short, we *want* buildinfos to vary, while we want the generated
> binary artifacts to be reproducible.

well. our reasoning a year ago for identical buildinfo files (for different builds of the same package) was the idea that multiple people could sign these buildinfo files to confirm they could reproduce these builds.

having different buildinfo files to confirm identical builds makes confirming a bit harder. OTOH this will save us from dealing with detached signatures as all buildinfo files can just be signed inline.

--
cheers,
Holger