Package: python-flask-limiter-doc
Version: 3.5.1-1
Severity: wishlist
Tags: patch

Dear Maintainer,

I'm an occasional volunteer contributor to the Reproducible Builds[1] project, and recently noticed that the python-flask-limiter-docs package failed to build reproducibly during automated reproducible build testing[2] and also during a reprotest build[3] on Salsa-CI.

The origin of the non-reproducibility demonstrated in both of those cases is that a command[4] invoked by the Sphinx-based documentation project markup produces nondeterministic output.

In particular, the output involves iteration over a set of HTTP methods associated with a flask (Python web framework) view. The methods are placed[5] on the relevant Python object by the werkzeug Python library, and are stored within a Python set object that is unordered[6].

Because the storage (and therefore retrieval) ordering of the elements in the set is based on Python's object hashing, it is non-deterministic by default and varies at build-time.

We can fix this within Debian's packaging by configuring the PYTHONHASHSEED[7] to use a deterministic value. The value of zero (0) appears to be most common within existing debian/rules files, based on codesearch[8].

I'll open a merge request on Salsa to suggest that modification and will link that to the bug here.

Regards,
James

[1] - https://reproducible-builds.org/
[2] - https://tests.reproducible-builds.org/debian/rb-pkg/trixie/amd64/diffoscope-results/flask-limiter.html
[3] - https://salsa.debian.org/python-team/packages/flask-limiter/-/jobs/5335790
[4] - https://sources.debian.org/src/flask-limiter/3.5.1-1/doc/source/cli.rst/#L60-L61
[5] - https://sources.debian.org/src/python-werkzeug/3.0.1-2/src/werkzeug/routing/rules.py/#L477
[6] - https://docs.python.org/3.11/library/stdtypes.html#set-types-set-frozenset
[7] - https://docs.python.org/3/using/cmdline.html#envvar-PYTHONHASHSEED
[8] - https://codesearch.debian.net/search?q=path%3Adebian%2Frules+PYTHONHASHSEED
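
The behaviour described in the report above, as an added example that is not part of the original message or of flask-limiter or werkzeug: it renders a set of HTTP method names in fresh interpreters under different PYTHONHASHSEED values. The `METHODS` list and helper names are constructed for illustration, and the sorted rendering goes beyond the report's proposed fix to show an ordering that does not depend on the seed at all.

```python
import os
import subprocess
import sys

# Constructed sample: HTTP methods of the kind werkzeug attaches to a rule.
METHODS = ["GET", "HEAD", "OPTIONS", "POST", "PUT", "DELETE"]

# Child program: build a set from argv and print it in iteration order,
# or in sorted order when SORTED=1 is set in its environment.
CHILD = (
    "import os, sys\n"
    "methods = set(sys.argv[1:])\n"
    "if os.environ.get('SORTED') == '1':\n"
    "    methods = sorted(methods)\n"
    "print(','.join(methods))\n"
)


def render_methods(hash_seed, sort=False):
    """Return the method list as a fresh interpreter would render it."""
    env = dict(
        os.environ,
        PYTHONHASHSEED=str(hash_seed),  # 0 disables str hash randomization
        SORTED="1" if sort else "0",
    )
    result = subprocess.run(
        [sys.executable, "-c", CHILD, *METHODS],
        env=env, capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def distinct_orderings(seeds, sort=False):
    """Collect the distinct renderings seen across the given hash seeds."""
    return {render_methods(seed, sort) for seed in seeds}


if __name__ == "__main__":
    seeds = range(1, 21)
    print("unsorted, varying seed:", len(distinct_orderings(seeds)), "orderings")
    print("unsorted, seed 0 twice:", render_methods(0), "|", render_methods(0))
    print("sorted, varying seed:  ", distinct_orderings(seeds, sort=True))
```
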