> You will get different checksums with tar and/or gzip, you can check the > extracted files and they should be the same.
Yes, content is the same, it's just difference in timestamps of folders and generated files (ChangeLog, egg-info etc). > I would like to see signed commits in the 'official' repos (at > git.openstack.org), if only because relying on sha alone doesn't seem > enough for some. Yeah, maybe RPM and I are just too old and should drop reproducibility requirement :) It might be nitpicking to expect exact same bits but it seems that only missing part is an option to tell sdist to set specific timestamp on generated files and folders. Cheers, Alan __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev