On 2017-01-16 11:26, Santiago Vila wrote:
Before I use this rationale more times in some discussions out there,
I'd
like to be sure that there is a consensus.
What's the definition of reproducible? It is more like A or more like
B?
A. Every time the package is attempted to build, the build succeeds,
and the same .deb are always created.
I may be wrong, but I believe that it's not possible to guarantee that
the build succeeds every single time, even once we've locked all inputs
to be in a known state. Cosmic rays would be one potential breakage, or
corruption of a built intermediate artifact etc.
B. Every time the build is attempted and the builds succeeds, the
same .deb are always created.
So I expect this is likely to be more viable than your A.
However, for a given set of inputs (including tooling) that are known to
create a successful build once, they should always succeed provided
there are no infrastructure glitches.
I'd also say that reproducibility shouldn't be .deb specific. Other
projects are seeking bit-for-bit reproducibility with other packaging
mechanisms. So I'd replace "the same .deb" with the same binary
artifacts"
br
Paul
_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds