Adrian Bunk: > On Wed, Aug 16, 2017 at 10:24:07AM +0000, Mattia Rizzolo wrote: >> On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk <b...@debian.org> wrote: >> >>> Tracker: >>> https://tracker.debian.org/pkg/hsqldb1.8.0 >>> "Does not build reproducibly during testing" >> >> And indeed it's not reproducible according to policy: it's storing the >> build user at the very least. >> ... > > What makes you so confident that this package is not reproducible > according to policy? > > According to policy, storing the value of $USER in the binary > is clearly permitted for a reproducible package. [1] > > As long as the reproducible builds infrastructure varies $USER instead > of following the policy definition, it is not suitable for determining > whether or not a package is reproducible according to policy. > > And what the reproducible builds infrastructure pushes as > Does not build reproducibly during testing > to tracker and DDPO is therefore not usable for determining > reproducibility according to policy. > > cu > Adrian > > [1] I haven't checked what exactly this package does >
Fair enough. I actually spotted that but thought it was better to get "something" into Policy rather than nitpick. I guess other people were thinking similar things. Well, lesson learnt, I will be more forceful next time. The sentence I amended said "most environment variables" so our intent is clear. If we want to fix this now, I would suggest amending: - a set of environment variable values; and + a set of reserved environment variable values; and then later: + A "reserved" environment variable is defined as DEB_*, DPKG_, SOURCE_DATE_EPOCH, BUILD_PATH_PREFIX_MAP, variables listed by dpkg-buildflags and other variables explicitly used by buildsystems to affect build output, excluding any variables used by non-build programs to affect their behaviour. Explicitly, this excludes TERM, HOME, LOGNAME, USER, PATH and likely any variables ending with *PATH. X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE https://github.com/infinity0/pubkeys.git