Am 22.09.14 um 01:52 schrieb Paul Wise:
On Mon, Sep 22, 2014 at 2:04 AM, Elmar Stellnberger wrote:
A package with some new signatures added is no more the old package.
That is exactly what we do *not* want for reproducible builds.
It should have a different checksum and be made
Source: lsof
Version: 4.86+dfsg-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps username hostname uname
Hi!
As part of the “reproducible builds” project, we have identified that
lsof build process captured too much information about its
On 09/21/2014 04:58 PM, Dominic Hargreaves wrote:
On Sun, Sep 21, 2014 at 10:45:14PM +0200, Jérémy Bobbio wrote:
As part of the “reproducible builds” effort [1], it was detected that
libgpg-error could not be built reproducibly.
The build process capture the time of the build. This piece of
Elmar Stellnberger wrote:
Am 22.09.14 um 01:52 schrieb Paul Wise:
On Mon, Sep 22, 2014 at 2:04 AM, Elmar Stellnberger wrote:
A package with some new signatures added is no more the old package.
That is exactly what we do *not* want for reproducible builds.
It should have a different
Jeroen Dekkers:
Jérémy actually already wrote a patch for dpkg-buildpackage to export
DEB_BUILD_TIMESTAMP:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=75
But if we want to push these things upstream, wouldn't it be better to
remove the DEB_ prefix from the name of the
Hans-Christoph Steiner:
I've been using faketime in my work on reproducible builds on Android (both
native C code and Java), and it has been working well. It seems to me that
the current approach in Debian does not use faketime.
Since so much of the little issues are due to timestamps, it