On Mon, Aug 24, 2015 at 10:30:45PM +0100, Colin Tuckley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 24/08/15 22:02, Vincent Bernat wrote:
>
> > We have pushed other archive-wide goals that were not shared by
> > all upstreams. For example, we have enabled hardening build flags
> > on almost all packages and for packages that don't obey the
> > appropriate flags, bugs with severity "important" were filed.
> > That's not that different from a reproducible build.
>
> Sorry, but it's a *completely* different situation. The hardening
> initiative made applications more secure and tamper resistant. The r-b
> changes do nothing useful post-build.

Sorry, but this is not correct. You may not think it important, but
that doesn't mean it is useless post-build. The ability to
independently verify that the built binary did indeed come from a
given source is a *huge* benefit.

-- 
It is easy to love a country that is famous for chocolate and beer
  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26