Bug#844431: Reproducibility in Policy

2017-08-12 Thread Holger Levsen
On Fri, Aug 11, 2017 at 08:35:47PM -0700, Russ Allbery wrote: > Daniel Kahn Gillmor writes: > > I don't like the idea of hard-coding a fixed build path requirement into > > debian policy. I don't *like* it neither but I think it's the sensible thing to do now. > > We're

Bug#844431: Reproducibility in Policy

2017-08-12 Thread Russ Allbery
Bill Allombert writes: > This require policy to define the build environment and build > instruction much more precisely than it does now, which does not seems > to be practical. Unless maybe if a reference implementation is provided. I don't see anything in this proposal

Bug#844431: Reproducibility in Policy

2017-08-12 Thread Bill Allombert
On Fri, Aug 11, 2017 at 04:08:47PM -0700, Sean Whitton wrote: > control: user debian-pol...@packages.debian.org > control: usertag = normative proposal > > Hello, > > Proposal: > > This is what Holger and I think we should add to Policy, after > readability tweaks: > > Packages

Bug#844431: Reproducibility in Policy

2017-08-12 Thread Johannes Schauer
Hi, Quoting Russ Allbery (2017-08-12 09:57:44) > I think we need to add all environment variables starting with DEB_* to > the prerequisites. If you set DEB_BUILD_OPTIONS=nostrip or > DEB_BUILD_MAINT_OPTIONS=hardening=all, you'll definitely get a different > package, for instance. > > I feel

Bug#844431: Reproducibility in Policy

2017-08-11 Thread Russ Allbery
Daniel Kahn Gillmor writes: > On Fri 2017-08-11 16:08:47 -0700, Sean Whitton wrote: >> - a version of a source package unpacked at a given path; > I don't like the idea of hard-coding a fixed build path requirement into > debian policy. We're over 80% with variable

Bug#844431: Reproducibility in Policy

2017-08-11 Thread Daniel Kahn Gillmor
Thanks for the proposal. I like it! A few nit-picks below: On Fri 2017-08-11 16:08:47 -0700, Sean Whitton wrote: > - a version of a source package unpacked at a given path; I don't like the idea of hard-coding a fixed build path requirement into debian policy. We're over 80% with

Bug#844431: Reproducibility in Policy

2017-08-11 Thread Russ Allbery
Sean Whitton writes: > Proposal: > This is what Holger and I think we should add to Policy, after > readability tweaks: > Packages should build reproducibly, which for purposes of this > document means that given > - a version of a source

Bug#844431: Reproducibility in Policy

2017-08-11 Thread Chris Lamb
Dear Sean & Holger, Thank you so much for working on this at the end of a tiring DebConf! > […] > Later, we could narrow the definition of build environment by adding > more constraints, but we're not there yet. That makes sense. Indeed, that even feels like the optimal approach as it allows

Bug#844431: Reproducibility in Policy

2017-08-11 Thread Sean Whitton
control: user debian-pol...@packages.debian.org control: usertag = normative proposal Hello, Proposal: This is what Holger and I think we should add to Policy, after readability tweaks: Packages should build reproducibly, which for purposes of this document means that given