Re: Upstream Tarball Signature Files

Guillem, On Tue, Aug 8, 2017 at 1:48 AM, Guillem Jover wrote: > Hi! > > On Mon, 2017-08-07 at 20:26:41 -0700, Paul Hardy wrote: > > Also, where signature files are desired, I think it would be beneficial > to > > also accept binary ".sig" files... > > There is no need for

Bug#844431: Revised patch: seeking seconds

Bill Allombert: > On Tue, Aug 15, 2017 at 01:00:00PM -0700, Russ Allbery wrote: >> Adrian Bunk writes: >> >>> Future policy versions might change this definition, but whatever latest >>> policy states has to be the definition used by both packages and the >>> reproducible builds

Bug#844431: Revised patch: seeking seconds

On Wed, Aug 16, 2017 at 10:24:07AM +, Mattia Rizzolo wrote: > On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk wrote: > > > Tracker: > > https://tracker.debian.org/pkg/hsqldb1.8.0 > > "Does not build reproducibly during testing" > > And indeed it's not reproducible according to

Bug#844431: Revised patch: seeking seconds

Adrian Bunk: > On Wed, Aug 16, 2017 at 10:24:07AM +, Mattia Rizzolo wrote: >> On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk wrote: >> >>> Tracker: >>> https://tracker.debian.org/pkg/hsqldb1.8.0 >>> "Does not build reproducibly during testing" >> >> And indeed it's not

Bug#844431: Revised patch: seeking seconds

On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk wrote: > Tracker: > https://tracker.debian.org/pkg/hsqldb1.8.0 > "Does not build reproducibly during testing" > And indeed it's not reproducible according to policy: it's storing the build user at the very least. > > Let's look at

Bug#844431: Revised patch: Oppose

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, Aug 12, 2017 at 03:34:35PM -0700, Sean Whitton wrote: >... > diff --git a/policy/ch-source.rst b/policy/ch-source.rst > index 127b125..6e32870 100644 > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst > @@ -661,6 +661,28 @@

Bug#844431: Revised patch: seeking seconds

On Wed, Aug 16, 2017 at 11:37:00AM +, Ximin Luo wrote: > Adrian Bunk: > > On Wed, Aug 16, 2017 at 10:24:07AM +, Mattia Rizzolo wrote: > >> On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk wrote: > >> > >>> Tracker: > >>> https://tracker.debian.org/pkg/hsqldb1.8.0 > >>> "Does

Bug#844431: Revised patch: seeking seconds

Adrian Bunk: > On Wed, Aug 16, 2017 at 11:37:00AM +, Ximin Luo wrote: >> [..] >> >> Fair enough. I actually spotted that but thought it was better to get >> "something" into Policy rather than nitpick. I guess other people were >> thinking similar things. Well, lesson learnt, I will be more

Bug#844431: Revised patch: seeking seconds

On Wed, Aug 16, 2017 at 03:43:00PM +, Ximin Luo wrote: > Adrian Bunk: > > On Wed, Aug 16, 2017 at 11:37:00AM +, Ximin Luo wrote: > >> [..] > >> > >> Fair enough. I actually spotted that but thought it was better to get > >> "something" into Policy rather than nitpick. I guess other people

Bug#844431: Revised patch: Oppose

Adrian Bunk writes: > I hereby oppose the addition of this to policy. > It is not true that this would be "Debian's precisification" of > reproducible builds. > The definition does not match any past, present or future practice in > Debian. > Including the people who want this

Bug#844431: Revised patch: seeking seconds

Hi Bill, > Now compare with reproducible build. You get some error report you > cannot reproduce, do some change following the help provided and > hope for the best. Then some day later you get the same error > report. I'd dearly love to know when/where this occurred if you can provide a

Bug#844431: Revised patch: Oppose

Bill Allombert writes: > On Wed, Aug 16, 2017 at 12:14:53PM -0700, Russ Allbery wrote: >> If you have specific wording suggestions that you believe would bring >> this Policy requirement closer in line with what we're already doing in >> the project (and which has gotten us

Bug#844431: Revised patch: seeking seconds

On Wed, Aug 16, 2017 at 09:36:04AM -0700, Russ Allbery wrote: > Note that, for most developers, this is pretty much equivalent to the > current situation with FTBFS on, say, s390 architectures. Or even issues > with running under whichever init system is not the one the maintainer > personally

Bug#844431: Revised patch: Oppose

On Wed, Aug 16, 2017 at 09:30:23AM -0700, Russ Allbery wrote: > As Policy Editor (a delegated position), based on my read of project > consensus including in-person verification of that consensus at DebConf > 17, I am formally declaring that I believe this change has consensus > despite your

Bug#844431: Revised patch: Oppose

Bill Allombert writes: > This is one of the reasons I do not attend DebConf anymore. We are an > online organization. Consultation should happen online. Metting are nice > but they should not be used to vet consensus and ignore absentees. > So I object to Adrian being

Bug#844431: Revised patch: Oppose

Just to be completely, 100% clear: I will not be responding further to this line of argument in this bug. If you disagree with my decision as a project delegate, I've spelled out your possible next steps under Debian's governance process. -- Russ Allbery (r...@debian.org)

Bug#844431: Revised patch: Oppose

On Wed, 16 Aug 2017, Bill Allombert wrote: > But as a technical document, it is lacking practical recommendation > for maintainers how to make sure their package build reproducibly The practical recommendations for maintainers are encoded separately, as they're evolving. See

Bug#844431: Revised patch: seeking seconds

Ximin Luo writes: > Fair enough. I actually spotted that but thought it was better to get > "something" into Policy rather than nitpick. I guess other people were > thinking similar things. Well, lesson learnt, I will be more forceful > next time. > The sentence I amended

Bug#844431: Revised patch: Oppose

On Wed, Aug 16, 2017 at 09:30:23AM -0700, Russ Allbery wrote: >... > This text is a formalization and simplification of existing practice that > we worked out in conjuction with the reproducible builds team and that > strikes a balance between attempting to enumerate all the causes of >

Bug#844431: Revised patch: seeking seconds

Adrian Bunk: > On Wed, Aug 16, 2017 at 03:43:00PM +, Ximin Luo wrote: >> Adrian Bunk: >>> On Wed, Aug 16, 2017 at 11:37:00AM +, Ximin Luo wrote: [..] Fair enough. I actually spotted that but thought it was better to get "something" into Policy rather than nitpick. I

Bug#844431: Revised patch: seeking seconds

Bill Allombert writes: > I am still concerned that there will be no reliable way for maintainers > to check whether a package is reproducible according to policy before > uploading it to the archive. Ximin answered this, but I also wanted to note that while having such a

Bug#844431: Revised patch: seeking seconds

Bill Allombert: > On Tue, Aug 15, 2017 at 07:49:55PM +, Holger Levsen wrote: >> Also what you are saying ("a package that is reproducible according to the >> policy definition must not show up as non-reproducible in tracker/DDPO based >> on results from the reproducible infrastructure") doesnt

Bug#844431: Revised patch: seeking seconds

Bill Allombert writes: > On Wed, Aug 16, 2017 at 09:36:04AM -0700, Russ Allbery wrote: >> Note that, for most developers, this is pretty much equivalent to the >> current situation with FTBFS on, say, s390 architectures. Or even >> issues with running under whichever init

Bug#844431: Revised patch: seeking seconds

Russ Allbery: > Ximin Luo writes: > >> Fair enough. I actually spotted that but thought it was better to get >> "something" into Policy rather than nitpick. I guess other people were >> thinking similar things. Well, lesson learnt, I will be more forceful >> next time. >

Bug#844431: Revised patch: Oppose

On Wed, Aug 16, 2017 at 12:14:53PM -0700, Russ Allbery wrote: > If you have specific wording suggestions that you believe would bring this > Policy requirement closer in line with what we're already doing in the > project (and which has gotten us to 94% reproducible already), please make > them.

Bug#844431: Revised patch: Oppose

On Wed, Aug 16, 2017 at 12:19:47PM -0700, Don Armstrong wrote: > On Wed, 16 Aug 2017, Bill Allombert wrote: > > But as a technical document, it is lacking practical recommendation > > for maintainers how to make sure their package build reproducibly > > The practical recommendations for