On 09/05/2018 04:38 PM, Bastien ROUCARIES wrote:
>>> Browserify (or webpack) is a static compiler for javascript. I believe
>>> that we must use built-using field in order to be policy compliant.
>>> [...]
> But I was thinking Built-Using may be used by security team in order
> to trigger rebuild.
>

That should not be necessary. If we really needed that information
(which seems unlikely to me), buildinfo files can provide it. Otherwise
we'd set built-using to "everything in the build chroot" for every
single package, and that doesn't seem like something we want or need to
do. browserify doesn't seem to be that special, IMO.

Cheers,
Julien