Hi,a colleague of mine is rather skeptic towards bootstrapping and reproducible-builds.
E.g. he wrote https://fy.blackhats.net.au/blog/html/2021/05/12/compiler_bootstrapping_can_we_trust_rust.html and the effect can also be seen in his packaging such as https://build.opensuse.org/package/show/openSUSE:Factory/rust1.65that ships with two gigabytes of bootstrap compiler binaries for various architectures instead of using our existing rust packages of version N-1 "because compilation takes twice as long".
He also once pointed me to https://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.htmlIn the end, it would be useful to collect some well-worded / well-thought counter-arguments on r-b.o (if we don't have that already)
https://reproducible-builds.org/docs/buy-in/ could provide some input. Any thoughts and/or volunteers? Ciao Bernhard M.
OpenPGP_signature
Description: OpenPGP digital signature