>That would be great if we had deterministic build outputs, but we currently
>have no easy way of determining whether a binary cache is corrupt or
>whether a build was nondeterministic.
Well, given five binary caches 4:1 and 2:2:1 hash distributions would
give some information.
And in some
>A web-of-trust type approach is what I have previously heard discussed. In
>the context of such an approach, I have three things to say in support of
>my proposal.
>3. In those first two points, I claim some advantage relative to a
>web-of-trust style approach. However, both ideas are fully
As Nicolas pointed out after we have presented our plan of attacking
this problem (and as it was mentioned by Dan here), builds are only
locally-reproducible.
There is no guarantee that a build built by my machine and your
machine will yield the same hash.
It got me thinking -
1. Did anybody
I have no opinion on this feature specifically, but re #3: avoiding a feature
in order to keep things in a poor enough state so that users care about the
issues you think they should care about is highly patronizing and a terrible
way for developers to relate to users. It is incidentally
I agree there is no conflict between your proposal and my suggestion.
The reason I mentioned it is that I do not like the idea of relying on
a single trusted party for security (to whic your proposal makes no
difference, because the trusted party will control all build
machines). If someone (use