Package: buildd.debian.org Severity: wishlist User: reproducible-bui...@lists.alioth.debian.org Usertags: environment
Dear buildd maintainers, since a while dpkg adds a small note to a .buildinfo if /usr/local/sbin is populated (which I'm not sure I agree is sensible, but it's what dpkg currently does), eg holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ rgrep Build-Tainted-By: 08/ |wc -l 35473 holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ find 08 -name "*.buildinfo" | wc -l 37182 so almost all .buildinfo files from August 2020 are tainted. (profitbricks7 is hosting https://buildinfos.debian.net if you want to check for yourself easily.) So how are they tainted: holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ grep -A 2 Build-Tainted-By: 08/06/firejail_0.9.62-4_ppc64el-buildd.buildinfo Build-Tainted-By: usr-local-has-programs Installed-Build-Depends: And then, also, not all .buildinfo files are taited by "usr-local-has-programs" because holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ rgrep usr-local-has-programs 08/ |wc -l 35017 (But I guess that's probably material for another bug report.) Any chance the Debian buildds could not have a tained /usr/local? Thanks for maintaining all these buildds! -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C "There's no glory in prevention." (Christian Drosten)
signature.asc
Description: PGP signature
