hi Guillem, On Fri, Nov 09, 2018 at 11:55:38AM +0100, Guillem Jover wrote: > Actually, I guess the other option that might be an option for stable is > to make dpkg-buildpackage generate the buildinfo file itself, and on > source-only uploads force the name to be _source.buildinfo regardless > of the options passed down to dpkg-genbuildinfo (even if the contents > will end up not matching the name). > > This would seem rather less intrusive, as that only changes the > behavior in a "corner-case" (even though documented and recommended > one), when using «dpkg-buildpackage --changes-option=-S». And while it > could be considered to produce confusing filenames, it sticks to the > current pattern. It would also fix the other bug where running > dpkg-genbuildinfo leaves debian/files around, even on source only > builds. > > So, I might go with that instead. any update on this?
the security team people still have to workaround this manually regularily, eg today, and would really like to see this fixed... -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C "... the premise [is] that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect." (Bruce Schneier)
signature.asc
Description: PGP signature