On Fri, Aug 11, 2017 at 04:08:47PM -0700, Sean Whitton wrote:
> control: user debian-pol...@packages.debian.org
> control: usertag = normative proposal
>
> Hello,
>
> ==== Proposal: ====
>
> This is what Holger and I think we should add to Policy, after
> readability tweaks:
>
> Packages should build reproducibly, which for purposes of this
> document means that given
>
> - a version of a source package unpacked at a given path;
> - a set of versions of installed build-dependencies; and
> - a build architecture,
>
> repeatedly building the source package on the architecture with those
> versions of the build dependencies installed will produce bit-for-bit
> identical binary packages.
>
> ==== Explanation: ====
>
> The definition from the reproducible builds group[1] says:
>
> A build is reproducible if given the same source code, build
> environment and build instructions, any party can recreate
> bit-by-bit identical copies of all specified artifacts.
>
> The relevant attributes of the build environment, the build
> instructions and the source code as well as the expected
> reproducible artifacts are defined by ... distributors.
>
> i.e. Debian has to define the build environment, source code and build
> instructions. I think that my wording defines these as Debian currently
> understands them.

This requires policy to define the build environment and build instruction
much more precisely than it does now, which does not seem to be practical.
Unless maybe if a reference implementation is provided.

Cheers,
-- 
Bill. <ballo...@debian.org>

Imagine a large red swirl here.