Hi Jonathan,

On 29 December 2014 at 06:29, Jonathan McCune <jonmcc...@google.com> wrote:
>> One solution would be to:
>> * build deterministically by default by using a constant timestamp, and
>
> I think doing this by default would be a poor choice, as most of the time
> during development it is very useful to easily identify which version /
> build / experiment / etc is in use.

I agree that during development, timestamps might be useful. Although I've never found them particularly helpful myself -- they aren't as easy as, say, having a text file sitting in the same directory saying which git commit it is. In fact, including the git commit somewhere in the binary would be both more helpful and deterministic. (I am happy to supply a patch for this.) Have you ever used time stamps?

>> * add a --with-timestamps option (disabled by default), which would
>> enable honest timestamps.
>>
>> What do you think? Are you accepting patches?
>
> The availability of a flag to explicitly set a specific timestamp for the
> purpose of reproducing a build, seems sane to me. I don't think I would
> enable it by default.

Sorry to be stubborn on this point, but I think it's quite important. If most people are using deterministic builds, then it becomes much easier for people to audit against each other's computers.

At the moment, when I do audits with Grub, I have to ask my colleagues/friends to zero out the timestamp. It makes the conversation longer, which makes me feel reluctant to inconvenience them. So I end up doing a less thorough audit. This kind of audit scenario arises frequently (or at least, it ought to) in work with NGOs, journalists, law firms, etc.

Bottom line: I think there is an important social benefit to dropping timestamps by default. I'm not convinced timestamps are used much by developers, and there are better alternatives such as git-commits.

Cheers,

Andrew

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel