Re: Debian python package bytecode compatibility
On Wed, Sep 29, 2021 at 12:42:56PM -0600, Sam Hartman wrote:
> There's a chain of signatures for the installed files, and so you could
> presumably validate that the installed files have not been modified.
> That is much more challenging for files generated from the postinst.
I wondered about reproducibility of Python bytecode, and from a quick
web-search before the children's bedtime I ran across a couple of links
that look interesting to pursue:
https://bugs.python.org/issue29708
https://vulns.xyz/2021/08/reproducible-python-bytecode/
I couldn't find anything under Debian's reproducible builds banner (it
is after all slightly outside the usual area of building reproducible
.debs), but maybe I missed something.
--
Colin Watson (he/him) [cjwatson@debian.org]
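
An added example, not part of the original message: it compiles one source file under two different mtimes and parses the PEP 552 `.pyc` header, showing that timestamp-based bytecode records the source mtime while hash-based bytecode records only a hash of the source. The module source, file names and mtimes are constructed for illustration.

```python
# Added example (not from the thread): what the .pyc header records.
import importlib.util
import os
import py_compile
import struct
import tempfile

SAMPLE_SOURCE = b"ANSWER = 42\n"  # constructed sample module


def read_header(pyc_path):
    """Parse the 16-byte .pyc header laid out by PEP 552."""
    with open(pyc_path, "rb") as fh:
        header = fh.read(16)
    (flags,) = struct.unpack("<I", header[4:8])
    info = {"magic": header[:4], "hash_based": bool(flags & 0x1)}
    if info["hash_based"]:
        # Hash-based pyc: bytes 8-16 are a hash of the source bytes.
        info["check_source"] = bool(flags & 0x2)
        info["source_hash"] = header[8:16]
    else:
        # Timestamp pyc: bytes 8-16 are source mtime and size.
        info["mtime"], info["size"] = struct.unpack("<II", header[8:16])
    return info


def compile_with_mtime(mode, mtime):
    """Compile SAMPLE_SOURCE after forcing the source file's mtime."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "sample.py")
        pyc = os.path.join(tmp, "sample.pyc")
        with open(src, "wb") as fh:
            fh.write(SAMPLE_SOURCE)
        os.utime(src, (mtime, mtime))
        py_compile.compile(src, cfile=pyc, dfile="sample.py",
                           doraise=True, invalidation_mode=mode)
        return read_header(pyc)


def compare_modes(mtime_a=1_000_000_000, mtime_b=1_600_000_000):
    """Return headers for both modes, each built under two mtimes."""
    mode = py_compile.PycInvalidationMode
    return {
        "timestamp": [compile_with_mtime(mode.TIMESTAMP, m) for m in (mtime_a, mtime_b)],
        "hash": [compile_with_mtime(mode.CHECKED_HASH, m) for m in (mtime_a, mtime_b)],
    }


if __name__ == "__main__":
    for name, (first, second) in compare_modes().items():
        print(name, "headers identical:", first == second)
```

When `SOURCE_DATE_EPOCH` is set in the environment, `py_compile` defaults to the checked-hash mode without the explicit `invalidation_mode` argument.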