Re: Compromising Debian Repositories

Timo Juhani Lindfors:
> adrelanos <adrelanos@riseup.net> writes:
>> Some Debian maintainers are working on deterministic builds, although
>> they call it reproducible builds, that's great! Link:
>> https://wiki.debian.org/ReproducibleBuilds
> Terminology is hard :) As mentioned in the bof we can make sure that the
> build is deterministic or we can record sources of randomness
> (gettimeofday calls etc.) and then replay them in subsequent
> builds. Would that still qualify as deterministic for you?

I am not nitpicking on the term. :) Any is fine. Whatever you call it, I
am very excited about the fact that there are people interested in it.

The end result would be the same? No security advantage/disadvantage for
one or another method? The latter method might pay off later and ease
porting more packages?

