On Fri, Aug 11, 2017 at 04:08:47PM -0700, Sean Whitton wrote:
> Hello,
> ==== Proposal: ====
> This is what Holger and I think we should add to Policy, after
> readability tweaks:
>     Packages should build reproducibly, which for purposes of this
>     document means that given
>     - a version of a source package unpacked at a given path;
>     - a set of versions of installed build-dependencies; and
>     - a build architecture,
>     repeatedly building the source package on the architecture with those
>     versions of the build dependencies installed will produce bit-for-bit
>     identical binary packages.
> ==== Explanation: ====
> The definition from the reproducible builds group[1] says:
>     A build is reproducible if given the same source code, build
>     environment and build instructions, any party can recreate
>     bit-by-bit identical copies of all specified artifacts.
>     The relevant attributes of the build environment, the build
>     instructions and the source code as well as the expected
>     reproducible artifacts are defined by ... distributors.
> i.e. Debian has to define the build environment, source code and build
> instructions.  I think that my wording defines these as Debian currently
> understands them.

This requires policy to define the build environment and build
instructions much more precisely than it does now, which does not
seem to be practical. Unless maybe if a reference implementation
is provided.

Bill. <ballo...@debian.org>

