On 10/05/26 06:47, Paul Gevers wrote:
Reproducibility
===============
Aided by the efforts of the Reproducible Builds project [1], we've decided it's
time to say that Debian must ship reproducible packages. Since yesterday, we
have enabled our migration software to block migration of new packages that
can't be reproduced [2] or existing packages (in testing) that regress in
reproducibility.
[1] https://reproducible-builds.org/
[2] on https://reproduce.debian.net/
Hi,
for the broader public maybe it is important to point out that the
concept of "Reproducibility" on reproduce.d.n is not the same as the
"Reproducibility" on reproducible-build.org.
"Reproducibility" as understood by reproduce.d.n and the tool
`debrebuild` means "Given a package (= a binary package, its source deb,
and its buildinfo file), it is possible to recreate a builddd-like build
environment as described in buildinfo, and the build process kickstarted
inside the unpacked source package will create a binary deb that is
bit-for-bit identical to the binary package".
The "Reproduciliby" of reproducible-build.org and tested by the tool
reprotest means "Given a package (= a binary package and its source deb)
it is possible to build it in many different environments, each of which
is slightly different from the previous one (for example uses a
different timezone, a different language, a different underlying file
system, etc) and each of these build processes will generate the a
binary deb that is bit-for-bit identical to the binary package".
The former is a simplified and more restricted form of the latter and it
is what is going to be required for future Debian packages IIUC.
Regards,
--
Gioele Barabucci
