hussein-awala commented on code in PR #35871: URL: https://github.com/apache/airflow/pull/35871#discussion_r1405482513
########## dev/README_RELEASE_PROVIDER_PACKAGES.md: ########## @@ -667,6 +667,102 @@ docker run --rm --entrypoint "airflow" local/airflow info docker image rm local/airflow ``` +### Reproducible package builds checks + +For provider packages we introduced a reproducible build mechanism - which means that whoever wants +to use sources of Airflow from the release tag, can reproducibly build the same "wheel" and "sdist" +packages as the release manager and they will be byte-by-byte identical, which makes them easy to +verify - if they came from the same sources. This build is only done using released dependencies +from PyPI and source code in our repository - no other binary dependencies are used during the build +process and if the packages produced are byte-by-byte identical with one that we can do from tagged sources Review Comment: ```suggestion process and if the packages produced are byte-by-byte identical with the one we create from tagged sources ``` Or ```suggestion process and if the packages produced are byte-by-byte identical with the one we build from tagged sources ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
