Package: dpkg
Version: 1.18.3
Severity: wishlist

Hi dpkg people,

in the context of allowing to recreate the same build-environment of a
past build we would need to know which packages where installed.
Currently we rely on (pkgname, arch, version) tuples to uniquely
identify a binary package, but as you can easily imagine this is not
unique at all, definitly not in the multi distro universe, possibly not
even across suites.
This can also help quite some higher level package manager to identify
which archive is providing the installed package, as David Kalnischkies
pointed out in

I would think to just add a field in /var/lib/dpkg/status but YMMV and
I'm happy with everything.

As a side effect this allows enables anyone easily whether a package
came from the Debian archive or from somewhere else.

This matter was already briefly discussed in ML, and ended up with some
open questions in so
let's file this bug to way easily track it.

To me it seems that:
* we are mostly interested in the hash of the whole container: all the
  use cases highlighted above would require this;
* If ↑ then the hash can't be pre-computed and stored inside the

Thanks in advance for everything!

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:                              : :'  :
Launchpad user:                  `. `'`
Debian QA page:  `-

Attachment: signature.asc
Description: PGP signature

Reproducible-builds mailing list

Reply via email to