V Fri, Nov 11, 2022 at 02:05:11PM +0100, Miro Hrončok napsal(a): > > > As a result, more RPM packages will be reproducible: > > > > Where will this reproducibility stop? An RPM package itself carry a build > > time in its RPM header. Are we also going to fake this time in the name of > > reproducibility? > > Not as part of this change proposal and I have no intention to propose such > a thing. > Then a goal of this change cannot be a reproducible RPM package. We could rather speak about reproducible cpio archives inside the RPM packages.
> > What value these faked timestamps have? E.g. a compiled file is a function > > not > > only of its source, but also of the compiler. This proposed change removes > > the compiler part from the timestamp. Will timestamps like this be helpful? > > Are the current timestamps helpful? > None of the timestamps are reliable. But a universe where two versions of a file have the same timestamp but a different content violates my perception of time. It's connected to the tracability touched by Alexander. > > Wouldn't be easier to admit that timesamps are nonsense and simply eradicate > > all of them stamps from various data formats rather than trying to fake > > them? > > I don't think it would be easier, but I have not tried that. > > > Simply changing rpmbuild to set timestamp to 0 for all contained files, or > > removing the time attribute from the RPM format completely? > > RPM does not currently support this. RPM currently supports mtime clamping > which is what we have proposed. You seem to not like the idea but you don't > say so explicitly. If you prefer status quo over this change and would > rather see the proposal rejected, please say so, so FESCo can evaluate your > feedback when voting about the proposal. > I asked all the questions because I think it's quite convoluted way to reproducible builds. If the purpose is just normalize timestamps to a release date of the package, then fine. I didn't write explicitly that I don't like this change, because I can see some advantages of it. I'm only not convinced, wheter loosing advatages of the current systems is worth of it. -- Petr
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
