On Tue, Jan 09, 2018 at 03:07:01PM +0100, Johannes Schauer wrote: > Such a header could be introduced but that would be undesirable for two > reasons:
> - it would make it hard to check whether the binary packages a source package > produces are really not different with a certain build profile active. > Right > now, because of the lack of such a header, we can use the tools from the > reproducible builds project to verify that a build profile does not tamper > with package contents > - right now, a package is uniquely defined by dependency solvers through > their > the name/version/architecture tuple. It would be possible to make this a > quadruplet and let packages be unique by their > name/version/architecture/profile property but that would require massive > changes in even more parts of our infrastructure than the introduction of > build profiles already required. I think this is an unfortunate case of designing the solution to fit the particular set of tools. Build profiles, as a general thing (which they are supposed to be - this is a major reason support took as long to land in dpkg as it did!), are significantly less usable if the build profile doesn't follow the resulting .deb as a tag. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: PGP signature