Ah, you're right that if the builder and rebuilder aren't the same person 
(which, really, is the primary use case of reproducible builds) then you won't 
be able to reproduce the package.

@DemiMarie suggested a while back that if the non-signature aspects of the 
package are reproducible, then you can combine the signature of the original 
package with the signature of the rebuilt package, and *that* should be able to 
verify correctly as if it was completely reproduced.

https://github.com/rpm-rs/rpm/issues/156#issuecomment-1575994196

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2930#issuecomment-1973291699

Message ID: <rpm-software-management/rpm/pull/2930/c1973291...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
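A toy model of the "combine the two signatures" idea above, added here as an illustration; it is not code from this thread, from rpm, or from the rpm-rs crate. It assumes a simplified package layout (a tag map plus a payload, with signatures kept outside the signed bytes) rather than rpm's real signature header, and uses Ed25519 only because it is in Go's standard library; the function names Sign, Verify, and Combine are this example's own. The point it demonstrates is the precondition the comment relies on: the bytes the signatures cover must be identical between the original and the rebuilt package, and Combine refuses to merge signatures otherwise.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Signature is one detached signature over the package's signed bytes.
type Signature struct {
	Signer string            // label for the key holder (builder, rebuilder)
	Key    ed25519.PublicKey // key the signature verifies against
	Sig    []byte
}

// Package is a hypothetical, simplified model of a signed package:
// header tags plus payload, with signatures deliberately kept outside
// the signed region (as rpm keeps them in a separate signature header).
type Package struct {
	Header     map[string]string
	Payload    []byte
	Signatures []Signature
}

// signedBytes canonically serializes everything a signature covers
// (sorted header tags, then payload) and excludes the signatures themselves.
func signedBytes(p Package) []byte {
	keys := make([]string, 0, len(p.Header))
	for k := range p.Header {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var buf bytes.Buffer
	writeField := func(b []byte) { // length-prefixed to avoid ambiguity
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(b)))
		buf.Write(n[:])
		buf.Write(b)
	}
	for _, k := range keys {
		writeField([]byte(k))
		writeField([]byte(p.Header[k]))
	}
	writeField(p.Payload)
	return buf.Bytes()
}

// Sign appends a signature by signer over the package's signed bytes.
func Sign(p *Package, signer string, priv ed25519.PrivateKey) {
	p.Signatures = append(p.Signatures, Signature{
		Signer: signer,
		Key:    priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, signedBytes(*p)),
	})
}

// Verify checks every attached signature against the current signed bytes.
func Verify(p Package) error {
	if len(p.Signatures) == 0 {
		return errors.New("package carries no signatures")
	}
	msg := signedBytes(p)
	for _, s := range p.Signatures {
		if !ed25519.Verify(s.Key, msg, s.Sig) {
			return fmt.Errorf("signature by %q does not verify", s.Signer)
		}
	}
	return nil
}

// Combine returns the rebuilt package carrying both the original builder's
// and the rebuilder's signatures. It only succeeds when the non-signature
// content is bit-for-bit identical, i.e. the rebuild was reproducible.
func Combine(original, rebuilt Package) (Package, error) {
	if !bytes.Equal(signedBytes(original), signedBytes(rebuilt)) {
		return Package{}, errors.New("signed content differs: rebuild is not reproducible, refusing to combine signatures")
	}
	out := rebuilt
	out.Signatures = append(append([]Signature{}, original.Signatures...), rebuilt.Signatures...)
	return out, nil
}

func main() {
	_, builderPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, rebuilderPriv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample content; both parties build the same bytes.
	mk := func(buildtime string) Package {
		return Package{
			Header:  map[string]string{"NAME": "hello", "VERSION": "1.0", "BUILDTIME": buildtime},
			Payload: []byte("constructed payload bytes"),
		}
	}
	orig := mk("1700000000")
	Sign(&orig, "builder", builderPriv)
	rebuilt := mk("1700000000")
	Sign(&rebuilt, "rebuilder", rebuilderPriv)
	combined, err := Combine(orig, rebuilt)
	fmt.Println("combine reproducible:", err, "verify:", Verify(combined))
	unrepro := mk("1700000001") // differing build time breaks reproducibility
	Sign(&unrepro, "rebuilder", rebuilderPriv)
	_, err = Combine(orig, unrepro)
	fmt.Println("combine non-reproducible:", err)
}
```

The combined package verifies under both keys because each signature was computed over the same canonical bytes; a later change to header or payload invalidates both at once. Note what this does not give you: the original builder's signature still attests only what that builder signed, so the second signature is what adds the rebuilder's attestation.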