On Thu, Apr 05, 2018 at 05:18:14PM -0400, Jeff Johnson wrote: > > > > On Apr 5, 2018, at 4:41 AM, Panu Matilainen <pmati...@redhat.com> wrote: > > > >> On 04/03/2018 10:31 PM, Vladimir D. Seleznev wrote: > >> RPMTAG_IDENTITY is calculating as digest of part of package header that > >> does not contain irrelevant to package build tag entries. > >> Mathematically RPMTAG_IDENTITY value is a result of function of two > >> variable: a package header and an rpm utility, thus this value can > >> differ for same package and different version of rpm. > > > > (aside) > Can we move this discussion to the github issue? E-mail is > increasingly painful for discussions ... I will provide some general > ideas there.
https://github.com/rpm-software-management/rpm/issues/426 > > Before proceeding with further work on this, we need to define what > > is it that we're trying to identify. The above definition is very > > ambiguous, and it's impossible to properly review + discuss the > > patch when my idea of package identity might be entirely different > > from somebody elses idea, that'll only cause unnecessary work and > > frustration. > > > > Yup. However, IDENTITY as a proof-of-reproducibility is sufficient for > discussion, though there are many details about what the plaintext > should be remain to be decided. > > > Starting with, what is a "package"? Are we talking about the source > > package, or binary packages? > > > > Both binary/source, just different identities (unless one wants to use > source IDENTITY to tie binary packages to a sufficiently similar class > of "reproducible" source rpm's, in which case a dynamic IDENTITY will > also have to be added into headers). > > > If it's binaries, then we're always ultimately talking about a > > *build*, and a line needs to be drawn somewhere. There are any > > number of ways to draw such a line, so it needs to be explicitly > > stated. One example of such line could be something like "package id > > must match between a package built on different instances of the > > same operating system, version and architecture". That clearly is > > NOT the line that this version of the patch tries to draw, but then > > it's not at all clear to me what that line is supposed to be. > > > > I'll add other thoughts at the github issue for IDENTITY. -- With best regards, Vladimir D. Seleznev _______________________________________________ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint