Package: dpkg Version: 1.18.3 Severity: wishlist X-Debbugs-CC: reproducible-builds@lists.alioth.debian.org
Hi dpkg people, in the context of allowing to recreate the same build-environment of a past build we would need to know which packages where installed. Currently we rely on (pkgname, arch, version) tuples to uniquely identify a binary package, but as you can easily imagine this is not unique at all, definitly not in the multi distro universe, possibly not even across suites. This can also help quite some higher level package manager to identify which archive is providing the installed package, as David Kalnischkies pointed out in https://lists.debian.org/20150624164233.GA25413@crossbow I would think to just add a field in /var/lib/dpkg/status but YMMV and I'm happy with everything. As a side effect this allows enables anyone easily whether a package came from the Debian archive or from somewhere else. This matter was already briefly discussed in ML, and ended up with some open questions in https://lists.debian.org/20150623073105.GE5719@loar so let's file this bug to way easily track it. To me it seems that: * we are mostly interested in the hash of the whole container: all the use cases highlighted above would require this; * If ↑ then the hash can't be pre-computed and stored inside the container. Thanks in advance for everything! -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds