Am 19.09.14 um 06:34 schrieb Paul Wise:
On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote:
Finally did this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153
Please note that you proposal to add signatures to .deb files will
break reproducible builds because the hash of the
simply un-ar and compare
the data.tar.gz-s.
Am 19.09.14 um 15:16 schrieb Daniel Kahn Gillmor:
On 09/19/2014 06:07 AM, Elmar Stellnberger wrote:
Isn`t there really any way to include the signatures in the header of
the .deb files?
Why not simply add multiple signature files in the control.tar.gz of
Am 22.09.14 um 01:52 schrieb Paul Wise:
On Mon, Sep 22, 2014 at 2:04 AM, Elmar Stellnberger wrote:
A package with some new signatures added is no more the old package.
That is exactly what we do *not* want for reproducible builds.
It should have a different checksum and be made