Re: Compromising Debian Repositories
Timo Juhani Lindfors:
> adrelanos <firstname.lastname@example.org> writes:
>> Some Debian maintainers are working on deterministic builds, although
>> they call it reproducible builds, that's great! Link:
> Terminology is hard :) As mentioned in the bof we can make sure that the
> build is deterministic or we can record sources of randomness
> (gettimeofday calls etc.) and then replay then in subsequent
> builds. Would that still qualify as deterministic for you?
I am not nitpicking on the term. :) Any is fine. However you call it, I
am very excited about the fact, that there are people interested in it.
The end result would be the same? No security advantage/disadvantage for
one or another method? The latter method might pay off later and ease
porting more packages?