John Gilmore <[email protected]> writes: > fosslinux via rb-general <[email protected]> wrote: >> And not everyone is convinced that reproducible builds are a priority >> or even necessary, unfortunately. So what are we to do with this? >> Should we just say "ok, this upstream doesn't have the desire, or >> time, or resources to guarantee reproducible builds, therefore >> reproducible builds for this project are a lost cause"? This seems a >> very defeatist attitude to me. > > I recommend that you find a project that is more compatible with your > own goals. This one does seek to have maintainers of both individual > programs, and operating systems, produce bit-for-bit reproducible > results from human-readable source code, which end-users can easily > verify, with automation for doing rebuilds and comparing them.
Are you saying that as intentionally excluding the Debian LiveCD from being called reproducible? Honest question, I'm curious about what you (and others) actually think that the Debian LiveCD build process should be called. The Debian LiveCD doesn't fulfil your requirements. It is built from pre-built binaries, some of them cannot be rebuilt reproducible, and some of them we don't have source code for. This is not a bug that Debian community desire to see fixed, it is is encoded in the social contract (which of course could be modified again, but that's another discussion..). I think the Debian LiveCD build process is reproducible enough to be allowed to use some reproducibility term. We've seen a lot of fragmentation in the FOSS community over the years on fairly minor philosophical grounds, while strongly proprietary systems like iPhone or Windows wins ground. I'm hoping we can defragment the reproducible build situation by inventing terminology that covers different situations. /Simon
signature.asc
Description: PGP signature
