On Mon, 12 Mar 2018 07:55:46 +0900 Benda Xu <hero...@gentoo.org> wrote:
> Ha, indeed many packages hardwrites "date of build" alike. That is a > hard question to define reproducibility. I would rather ignore the > timestamps when comparing two binaries. If a hard-timestamp is to be used, assuming you have portage via git, then it might be desirable to hard-timestamp based on either: a) the timestamp of the specific ebuilds last change b) the timestamp of the most-recent-of specific ebuild+eclass's last change c) the timestamp of the specific ebuilds initial commit I'm not sure which one is more practical though. Sounds like it would be an "experts" tool which would become far more practical for people who are using custom overlays to maintain their production systems, and those people can naturally make guarantees about their repos being in git, and they can decide which of those 3 options ( well, the ones we provide at least ) are most suited to what they're doing.
pgpArrr2WrJNn.pgp
Description: OpenPGP digital signature
