
Bug#844431: Reproducibility in Policy



On Fri, Aug 11, 2017 at 08:35:47PM -0700, Russ Allbery wrote:
> Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> > I don't like the idea of hard-coding a fixed build path requirement into
> > debian policy. 

I don't *like* it either but I think it's the sensible thing to do now.

> > We're over 80% with variable build paths in unstable
> > already, and i want to keep the pressure up on this.  The build location
> > should not influence the binary output.

I'd like to keep the pressure on this and I think we can still do that
while OTOH also trying to get closer to 100% first+too.

With build path variation, reaching the worthwhile goal of having >98% reproducible
builds will be delayed by 1-2 years at least, so this is a classic "perfect is the
enemy of good". I don't do reproducible builds for purely academic reasons,
I foremost want them to increase the security of user systems.

> It shouldn't, but my understanding is that it currently does.  If you can
> fix that, that's great, but until that's been fixed, I don't see the harm
> in documenting this as a prerequisite for a reproducible build.  If we can
> relax that prerequisite later, great, but nothing about listing it here
> should reduce the pressure on making variable build paths work.  It just
> documents the current state of the world.

exactly.


-- 
cheers,
	Holger
