On 07/16/2017 11:12 PM, Jonas Smedegaard wrote: > It was just an example, however, and my real question was generally what > governs code we distribute outside packages - i.e. our install images, > if Debian Policy covers only packages.
I don't know if this is actually in Policy or not, but in my opinion any tool used to create any official Debian images should also be part of Debian itself - for precisely the reasons you were mentioning in your email: downstreams should be able to reproduce Debian images. In the short term only in functionality and not bit-by-bit, but I would consider reproducible image builds a worthwhile long-term goal after fully reproducible package builds throughout the archive have been achieved. Actually, I'm extremely surprised that the tools used to create the official Debian images are not part of the corresponding Debian stable version. I don't doubt there's a good reason for using these specific versions of those tools, but in that case they should also be packaged for the release in question. Regards, Christian