>If web-of-trust is the best solution, and the only blocker is build >reproducability, how about trying to classify build differences? > >Each of the differences will have a reason, and either we can fix the build >to be deterministic (e.g. timestamps, build paths), or we can classify a >class of changes as equivalent (e.g. optimalizations resulting in >equivalent code, prelinking).
Do we want to do something about Profile Guided Optimisation, for example? I think GCC builds itself with PGO after bootstrapping, and I don't know what other packages use some amount of unreproducible PGO. _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
