Hello list, On 23/04/2025 11:34, fosslinux via rb-general wrote:
Hi David and list,In light of the recent discussion surrounding what "reproducibility" of the Debian ISO images means, and the further sub-discussion about what one should treat as "source code"
[snip]This discussion reminds me of a discussion that was held in Debian some time ago [citation needed] about which files are to be considered source code. Please don't go there again :-)
IIRC the outcome was, that a Debian Maintainer could decide that a certain file was 'source code enough'.
Examples would be:1) a PNG generated by the commercial closed-source package autocad. Even though the PNG file is not the real source, it is good enough, or the package maintainer does not have a license for autocad and it not able to regenerate the PNG file. 2) the configure script vs. configure.in or configure.ac. Not always are the real sources available any more and the derived versions (due to many manual modifications) have become the source instead.
Before this thread started, I was working on a small diagram, which is now published (with its source code) at
https://wiki.debian.org/ReproducibleInstalls/LiveImages https://wiki.debian.org/ReproducibleInstalls/LiveImages?action=AttachFile&do=get&target=reproducible_liveiso.svgAdditionally I've sent an update of my first, bold mail to this list https://lists.reproducible-builds.org/pipermail/rb-general/2025-April/003700.html which identifies me at the person making the claim within a specific context ('the author'), therefore fulfilling every aspect of the current definition of 'reproducible builds'.
Finally, I think the reproducible effort can have both a top-down and bottom-up strategy implemented at the same time. Both strategies involve a lot of effort to make them work. I know for sure that making reproducible live images has taken a lot of effort.
With kind regards, Roland Clobus
OpenPGP_signature.asc
Description: OpenPGP digital signature
