[adding rb-general to CC]

Hi Guillem,

> Holger proposed to bundle the .buildinfo files into .deb archives
> during the DebConf talk. I've mentioned to Holger that I'm not seeing
> this as being feasible and mentioned various reasons why, but I'm also
> still open to explore this possibility. So I've added these in a wiki
> page:
>
>   <https://wiki.debian.org/Teams/Dpkg/Spec/BundledBuildinfo>

The majority of Debian's documentation is either littered around the
internet, in obscure mailing list posts, in IRC backlogs or simply in
people's minds. This kind of document pushes back against this
organisational antipattern, so thank you.

With regards to your question, I do not believe you are missing
anything here, except perhaps to clarify exactly which .debs you would
put the .buildinfo into. I assume you mean all of the binary .debs
(noting your later caveat regarding .udebs), but it might be worth
being specific for clarity.

In terms of my own opinion, you remark that:

    this would make a simple file comparison [..] require some kind of
    tool

This does indeed go against one of the stated original design
principles as well as the unstated æsthetic ones that I hold
personally. I have also empirically observed that the platforms that
adopt a "oh, you just need this small tool" approach do not appear to
gain as much traction either.

Now, I cannot back this up scientifically, but I don't believe this is
purely for technical reasons but also cognitive ones. As in, there is
something deeply psychologically reassuring and satisfying to humans
when a reproducible artefact can be seen to be identical using just
our "eyes" and without any tools whatsoever. I might completely trust
some tool technically and even trust it from a security perspective
(!) yet it somehow does not feel nearly as "secure", right or
intuitive.

(As an obiter dictum, are we sure it was Holger who was proposing this
idea in the talk, rather than mentioning it? I think he has previously
echoed my view on the "no special tools" principle, hence this minor
remark. Am willing to be corrected either way.)

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org 🍥 chris-lamb.co.uk
       `-