URL:
<http://savannah.gnu.org/bugs/?49654>
Summary: xgettext and build determinism
Project: GNU gettext
Submitted by: jmd
Submitted on: Sun 20 Nov 2016 07:54:44 AM CET
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Xgettext puts a line the generated .pot file of the form:
"POT-Creation-Date: 2016-11-20 07:47+0100\n"
which then gets propagated to all .po and .mo files.
This is problematic because it means that each time one builds a
project which uses xgettext one gets a different result, which raises concerns
about verifibility and security.
Some currently affected projects are listed at
https://tests.reproducible-builds.org/debian/issues/unstable/different_pot_creation_date_in_gettext_mo_files_issue.html";
Can I suggest that you either :
* Make the inclusion of this field an opt in flag to xgettext; OR
* Use the suggested standard at
https://reproducible-builds.org/specs/source-date-epoch/ which will set this
field to a canonical value.
Thanks.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?49654>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
