Hi!

While thinking one more time about the current specification for `.buildinfo` files [1], I remembered one unresolved question.

The `Build-Environment` field currently has the same syntax as `Built-Using`: a list of packages and their exact version. This works fine but might not be optimal. Some people suggested that we should record a checksum of the `.deb` installed as a way to unambiguously refer to a specific package. The main benefit that I can think of is that it would allow one to directly retrieve the file from snapshot.debian.org based on the hash [2].

But, as far as I know, this information is currently not recorded by dpkg and there is no way to know for sure which `.deb` has been used for a package currently installed. I have a couple of memories where this could have been useful outside of the aforementioned use case.

From my limited knowledge of dpkg's internals, computing checksums and adding a new field to the status file doesn't seem hard to implement.

What do you think? Would such a feature be a good addition to dpkg? I'm willing to spend time writing a patch.

[1]: https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
[2]: https://anonscm.debian.org/cgit/mirror/snapshot.debian.org.git/plain/API
     URL: /file/<hash>

-- 
Lunar                                .''`.
lu...@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'`
                                      `-
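Added example, not part of the original message and not dpkg or snapshot.debian.org code: it parses a `Build-Environment` value in `Built-Using` syntax and shows why a name and version alone may not pin down one `.deb`, while a checksum maps straight to a `/file/<hash>` path. The function names, package versions and byte strings are constructed for illustration, and `<hash>` is assumed to be the SHA-1 hex digest of the file.

```python
import hashlib
import re

# One entry in Built-Using syntax: "name (= version)".
ENTRY_RE = re.compile(
    r"^\s*(?P<name>[a-z0-9][a-z0-9+.-]+)\s*\(=\s*(?P<version>[^\s)]+)\s*\)\s*$"
)

def parse_build_environment(value):
    """Split a Build-Environment value into (name, version) pairs."""
    entries = []
    for item in value.split(","):
        if not item.strip():
            continue  # tolerate a trailing comma
        match = ENTRY_RE.match(item)
        if match is None:
            raise ValueError(f"not an exact-version entry: {item.strip()!r}")
        entries.append((match["name"], match["version"]))
    return entries

def snapshot_path(deb_bytes):
    """API path /file/<hash>; assumes <hash> is the SHA-1 hex digest."""
    return "/file/" + hashlib.sha1(deb_bytes).hexdigest()

def resolve(entries, candidates):
    """Map each (name, version) to the paths of every matching .deb.

    Zero paths: the .deb is not at hand. Two or more: the same name and
    version exist with different contents, so the version does not
    identify the file, while a recorded checksum would.
    """
    return {
        key: sorted({snapshot_path(data) for name, version, data in candidates
                     if (name, version) == key})
        for key in entries
    }

# Constructed sample field and stand-in .deb contents (not real packages).
FIELD = "gcc-4.9 (= 4.9.2-10),\n dpkg-dev (= 1.17.25),\n libc6-dev (= 2.19-18)"
CANDIDATES = [
    ("gcc-4.9", "4.9.2-10", b"constructed gcc-4.9 .deb"),
    ("dpkg-dev", "1.17.25", b"constructed dpkg-dev .deb, archive build"),
    ("dpkg-dev", "1.17.25", b"constructed dpkg-dev .deb, local rebuild"),
]

if __name__ == "__main__":
    for (name, version), paths in resolve(parse_build_environment(FIELD), CANDIDATES).items():
        print(name, version, paths or "no .deb at hand")
```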