On 2025-05-11, David A. Wheeler via rb-general wrote: > I'm hoping that we now have a reasonable update of the definition of > reproducible builds. Details here: > > https://salsa.debian.org/reproducible-builds/reproducible-website/-/merge_requests/178/diffs > > There could be endless tweaking of a definition, and that helps no one. > I think this update is a big improvement.
First off, thanks for proposing some changes and getting the discussion going! I do think you have suggested and curated some valuable ideas in your proposed merge request! > Any strong objections to merging this? I think we need considerably more time and possibly a (semi)formal process to think over the potential ramifications of the changes. This is not just some grammar and typo corrections or fleshing out some new angles on reproducible builds; it is something fundamental and essential to our project. We had considerable in-person discussion leading to the original definition, and there were some very specific reasons and rationales that I suspect may get lost with the proposed changes... probably time to dig some of those notes up! The definition as it stands does have some oddness when considering things like system images, container images, etc. and I feel very mixed about letting go of the focus on source code, even though I do think there is space to call some of these usefully reproducible, I very much worry about dilluting the Reproducible Builds definition too much to accomodate them; I have the strong suspicion there will be unintended consequences. While I have read over the proposed changes a few times, I apologize for not having more concrete suggestions at this time... I do not think we have a fundamental problem with having two definitons of what a Reproducible Build is; we have one definition: https://reproducible-builds.org/docs/definition/ "A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts. The relevant attributes of the build environment, the build instructions and the source code as well as the expected reproducible artifacts are defined by the authors or distributors. The artifacts of a build are the parts of the build results that are the desired primary output." The description on the front page: https://reproducible-builds.org/ "Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code." Seems to me more a description of what the Reproducible Builds project is working on to achieve the sorts of things spelled out in the Reproducible Builds definition. Making it more clear it is about the project might be a good idea! I would be much more amenable to accepting simple changes to the description(s) and other messaging about what the project does, but I do not want to rush changes to the Reproducible Builds definition. live well, vagrant
signature.asc
Description: PGP signature
