* On 29 Mar 2016, Petr Pisar wrote:
> On Tue, Mar 29, 2016 at 11:46:27AM -0700, Will Yardley wrote:
> > Just wondering if folks think it would be desirable to make the date
> > string in the build version configurable. I am not a big security
> > through obscurity fan, but I just find it messy looking to have the date
> > there.

You can override User-Agent (my_hdr User-Agent) to block that, so in a
sense we already support this at runtime. I'm not very concerned with
its presence in the U-A header from a maintenance perspective though.

> People around `reproducible builds' would welcome a compile time
> option to set the build time stamp to a fixed immutable string. See
> <https://reproducible-builds.org/specs/source-date-epoch/>.

I'm open to this, call it +0, but don't see it as a priority. (In other
words, contributions welcome.)

Note that a lot more work is involved in meeting all the properties in
Debian's document. First among them: determine and implement a reliable
means of capturing the time that the source was last modified:

    The value SHOULD be set to the last modification time of the
    source, incorporating any packaging-specific modifications. For
    example, in Debian, the timestamp of the latest entry in
    debian/changelog.

To meet that, we need to determine whether files have been changed since
the latest commit, and then capture either the latest commit date or the
latest file mtime accordingly.

-- 
David Champion • d...@bikeshed.us
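Added example, not part of the message above and not the project's own build code: one way a build script could make the check described in the last paragraph, using the commit date for a clean checkout and the newest mtime among modified tracked files otherwise. The function names are hypothetical; it assumes git history or an unpacked tarball, ignores untracked files, and assumes file names without newlines.

```shell
#!/bin/sh
# Added example (not the project's build code): pick a SOURCE_DATE_EPOCH.

# mtime of one file in seconds since the epoch (GNU stat, then BSD stat).
mtime_of() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# Read file names on stdin, one per line; print the newest mtime (0 if none).
newest_mtime() {
    newest=0
    while IFS= read -r f; do
        [ -e "$f" ] || continue            # deleted files have no mtime
        t=$(mtime_of "$f") || continue
        if [ "$t" -gt "$newest" ]; then newest=$t; fi
    done
    echo "$newest"
}

# Print the timestamp to embed for the source tree in $1 (default: cwd).
source_date_epoch() {
    # A value supplied by the packager or build system always wins.
    if [ -n "${SOURCE_DATE_EPOCH:-}" ]; then
        echo "$SOURCE_DATE_EPOCH"
        return 0
    fi
    (
        cd "${1:-.}" || exit 1
        if top=$(git rev-parse --show-toplevel 2>/dev/null); then
            cd "$top" || exit 1            # diff-index paths are root-relative
            # Refresh stat info so touched-but-identical files are not listed.
            git update-index -q --refresh >/dev/null 2>&1 || true
            commit=$(git log -1 --format=%ct)
            # Tracked files differing from HEAD; untracked files are ignored.
            dirty=$(git diff-index --name-only HEAD -- | newest_mtime)
            if [ "$dirty" -gt "$commit" ]; then echo "$dirty"; else echo "$commit"; fi
        else
            # Not a git checkout (e.g. release tarball): newest file mtime.
            find . -type f | newest_mtime
        fi
    )
}

# Usage in a build script:
#   SOURCE_DATE_EPOCH=$(source_date_epoch .) && export SOURCE_DATE_EPOCH
```

A packaging system that follows the Debian convention quoted above would export its own SOURCE_DATE_EPOCH (for example from the changelog), and the function returns that value unchanged.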