Bug#844431: Packages should be reproducible
Henrique de Moraes Holschuh wrote:
> I don't think there will be much of a contention about this.
Great :)
> Please propose wording (i.e. the diff to the policy text), but
> I recommend that you do *not* use "should" or "must" to make such
> reproducibility mandatory right now.
Completely agreed. Any requirement would be counter-productive and
ultimately premature at this stage.
I've attached an initial wording to get us going. I'm not 100% convinced
with it myself but it should help start any discussion in this area.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
diff --git a/policy.sgml b/policy.sgml
index ee1e9f4..fd7c3d7 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -2503,6 +2503,20 @@ endif
multiple times to generate different binary packages).
</p>
</sect>
+
+ <sect id="readmesource">
+ <heading>Reproducibility</heading>
+
+ <p>
+ It is recommended that packages build in a reproducible manner, ie.
+ bit-for-bit identical binaries are always generated from a given
+ source.
+ </p>
+
+ <p>
+ In the future, this will become a requirement.
+ </p>
+ </sect>
</chapt>
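Review bot: The new section's id="readmesource" does not match its heading "Reproducibility" and looks carried over from another section; if policy.sgml already contains a sect with that id, this adds a duplicate id and cross-references to it become ambiguous. Suggest <sect id="reproducibility">. In the first added paragraph, "ie." should be "i.e.", and "from a given source" does not say what else is held constant between builds (for example the build environment), so a maintainer cannot tell when two builds are expected to match; a short defining clause would help. The second added paragraph, "In the future, this will become a requirement", is a prediction with no timeline rather than guidance a maintainer can act on; consider dropping it or rewording it as a statement of intent.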