[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#816012: apt: Add flag to only allow installation of packages that have reproducible builds

Hi Julian,

In general I completely agree with you but I'd like to just to followup on a
few points for the benefit of anyone else coming across this bug report.

> > I'would like to be able to only allow the installation of packages that
> > have reproducible builds or at least to be informed of the packages that
> > don't.
>
> No chance. There's no metadata for that.

Agreed. However, we (the Reproducibible Builds team) have plans to have
metadata in a sane, distributed format that APT could potentially -- and
optionally! -- take into consideration.

The details are, of course, to be ironed out.

> Also reproducibility is a moving state. New instances where a "reproducible"
> package becomes unreproducible happen all the time.

In unstable and experimental, absolutely. In stable or testing, perhaps not?
Still, even being informed of the status in unstable could still be useful for
developers and other bleeding-edege users

So yes, whilst I 100% agree that this feature is a "no chance" right now, we
should remaain optimistic that can we can provide this to our users sometime in
the future.

:)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
Reply to: