Please remove the following email address: e.little...@gmail.com
On Sun, Sep 10, 2023 at 12:27 AM Debian Bug Tracking System < ow...@bugs.debian.org> wrote: > Your message dated Sat, 09 Sep 2023 21:23:52 -0700 > with message-id <87o7iazmef....@hope.eyrie.org> > and subject line Re: Bug#940234: debian-policy: add a section about source > reproducibility > has caused the Debian Bug report #940234, > regarding debian-policy: add a section about source reproducibility > to be marked as done. > > This means that you claim that the problem has been dealt with. > If this is not the case it is now your responsibility to reopen the > Bug report if necessary, and/or fix the problem forthwith. > > (NB: If you are a system administrator and have no idea what this > message is talking about, this may indicate a serious mail system > misconfiguration somewhere. Please contact ow...@bugs.debian.org > immediately.) > > > -- > 940234: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940234 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > > ---------- Forwarded message ---------- > From: Aurelien Jarno <aure...@debian.org> > To: Debian Bug Tracking System <sub...@bugs.debian.org> > Cc: > Bcc: > Date: Sat, 14 Sep 2019 13:34:49 +0200 > Subject: debian-policy: add a section about source reproducibility > Package: debian-policy > Version: 4.4.0.1 > Severity: wishlist > > There is already a section about reproducibility in the debian-policy, > but it only mentions the binary packages. It might be a good idea to > add a new requirement that repeatedly building the source package in > the same environment produces identical .dsc file modulo the GPG > signature. > > I haven't checked how many packages do not fulfill this condition, but > there are for sure packages where the Build-Depends: entry in the dsc > file does not match the debian/control file, as they have been added > manually after the package build. TTBOMK there is nothing preventing > that in the debian policy. > > -- System Information: > Debian Release: bullseye/sid > APT prefers testing > APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores) > Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), > LANGUAGE=fr (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > debian-policy depends on no packages. > > Versions of packages debian-policy recommends: > ii libjs-sphinxdoc 1.8.5-3 > > Versions of packages debian-policy suggests: > pn doc-base <none> > > -- no debconf information > > > > ---------- Forwarded message ---------- > From: Russ Allbery <r...@debian.org> > To: Holger Levsen <hol...@layer-acht.org> > Cc: 940234-d...@bugs.debian.org > Bcc: > Date: Sat, 09 Sep 2023 21:23:52 -0700 > Subject: Re: Bug#940234: debian-policy: add a section about source > reproducibility > Holger Levsen <hol...@layer-acht.org> writes: > > >>> I haven't checked how many packages do not fulfill this condition > > > You should definitly do this before asking policy to be changed. > > It's also not really hard, just loop through all source packages, > > download them, rebuild them, compare. > > > And you might want to start with just the essential set. > > > and, TBH, I'm pretty sure very few source packages can be rebuild > > reproducible. Proove me wrong! :) > > It's been about a year since the last response on this bug, and I think > the most recent round of responses were to someone who quoted the entire > original bug report without adding any new content. I don't think we can > do anything with this bug on the Policy side until someone confirms that > source package reproducibility is viable, so I'm going to close this bug > for the time being. > > If someone wants to do the work to confirm that, please do open a new bug > so that we can document it in Policy. > > -- > Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>