Package: devscripts Version: 2.14.2 Severity: wishlist User: [email protected] Usertags: mk-origtargz
Whenever mk-origtargz is repacking a zipball, it should zero out the timestamps in the tar format so that the process produces the same tarball every time it runs. This can be done using tar's --mtime= flag. Additionally, it would be very useful if mk-origtargz also had a --mtime option which forced the tarball to be repacked using the date given to the --mtime="Wed Oct 28 10:12:27 2015 -0700" flag. Here's an example of how to do that in perl: https://stackoverflow.com/a/16728218 This gets us ever closer to the goals of reproducible builds, where we can guarantee that a given original source code, the resulting binaries are always the same. For more on that topic: https://reproducible-builds.org/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
