On Sat, Sep 14, 2019 at 01:34:49PM +0200, Aurelien Jarno wrote: > There is already a section about reproducibility in the debian-policy, > but it only mentions the binary packages. It might be a good idea to > add a new requirement that repeatedly building the source package in > the same environment produces identical .dsc file modulo the GPG > signature. > > I haven't checked how many packages do not fulfill this condition
please do check. last (and only) time we (=r-b) looked, it wasn't
practical at all. this was around 5 years ago, but I don't remember any
work done on improving this.
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
