On Friday, 30 March 2018 15:02:31 CEST Chris Lamb wrote: > [ https://lists.debian.org/debian-security/2017/05/msg00011.html ] On Friday, 30 March 2018 20:15:33 CEST Sven Joachim wrote: > [ https://bugs.debian.org/843773 ] Thanks a lot guys for pointing out that issue! Basically, when doing bin-nmus, we really want to bump the mtime of the distributed files. Not doing so results in some backups programs (rsync...) to loose updates. Other programs restarting services on libraries updates (needrestart...) would also be affected. So, during compilation: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries because it breaks Multi-Arch:same on bin-nmu. During dpkg-deb (: SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries because it would break software relying on files mtime. Doh! In https://bugs.debian.org/843773#75 Ian Jackson propose to introduce a BUILD_DATE_EPOCH (= time of sbuild binnmu invocation) be prefered over SOURCE_DATE_EPOCH by dpkg-deb. That would work, wouldn't it?
Description: This is a digitally signed message part.