On Fri, Sep 01, 2017 at 06:34:38PM +0100, Ian Campbell wrote:
> On Fri, 2017-09-01 at 12:43 +0200, Helmut Grohne wrote:
> > Whatever point you were trying to make around NEW, your argument is not
> > very convincing. I think Holger is right here: Where the package is
> > built should not matter. Pr
On Fri, 2017-09-01 at 12:43 +0200, Helmut Grohne wrote:
> Whatever point you were trying to make around NEW, your argument is not
> very convincing. I think Holger is right here: Where the package is
> built should not matter. Presence of .buildinfo and reproducibility
> does.
Appollogies if this
On Fri, Sep 01, 2017 at 11:07:17AM +0100, Simon McVittie wrote:
> The problem with maintainer-built binaries around NEW is that if they
> wait in the NEW queue for (let's say) 1 month, then by the time they
> reach the archive, they were built with a 1 month old toolchain and
> build-dependencies,
On Fri, Sep 01, 2017 at 09:43:54AM +, Holger Levsen wrote:
> On Fri, Sep 01, 2017 at 09:34:53AM +0300, Adrian Bunk wrote:
> > On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
> > >...
> > > However, based on an informal survey at DebConf (and to reflect the
> > > feeling towards soft
On Fri, 01 Sep 2017 at 09:40:25 +, Holger Levsen wrote:
> On Fri, Sep 01, 2017 at 09:26:44AM +0300, Adrian Bunk wrote:
> > AFAIK the only place where we currently still need binary packages that
> > have been built on a maintainer machine is for [...]
>
> the fun part is that once a package
On Fri, Sep 01, 2017 at 09:34:53AM +0300, Adrian Bunk wrote:
> On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
> >...
> > However, based on an informal survey at DebConf (and to reflect the
> > feeling towards software reproducibility in the free software community
> > in general) unles
On Fri, Sep 01, 2017 at 09:26:44AM +0300, Adrian Bunk wrote:
> AFAIK the only place where we currently still need binary packages that
> have been built on a maintainer machine is for [...]
the fun part is that once a package builds bit by bit identically, it doesnt
matter anymore where it's bee
Hi!
On Fri, 2017-09-01 at 09:26:44 +0300, Adrian Bunk wrote:
> AFAIK the only place where we currently still need binary packages that
> have been built on a maintainer machine is for NEW, and after someone
> has implemented a solution for that there is no blocker left for
> allowing only source
On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
>...
> However, based on an informal survey at DebConf (and to reflect the
> feeling towards software reproducibility in the free software community
> in general) unless there are strong objections I intend to raise the
> severity of these
On Mon, Aug 24, 2015 at 11:41:21PM +0200, Vincent Bernat wrote:
> ❦ 24 août 2015 22:30 +0100, Colin Tuckley :
>
> >> We have pushed other archive-wide goals that were not shared by
> >> all upstreams. For example, we have enabled hardening build flags
> >> on almost all packages and for packages
On Mon, Aug 24, 2015 at 10:30:45PM +0100, Colin Tuckley wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 24/08/15 22:02, Vincent Bernat wrote:
>
> > We have pushed other archive-wide goals that were not shared by
> > all upstreams. For example, we have enabled hardening build fla
On Mon, Aug 24, 2015 at 10:25:01PM +0200, Niels Thykier wrote:
> > It is really so much difficult to make this in stages?
> > For example:
> > Stage 1. Make it a policy *recommendation*, with normal severity.
> > Stage 2. Make it a policy "should", with important severity.
> > Stage 3. Make it a r
> Quoting Holger: "This is a lie" (pointing to a graph that was being
> shown on the screen). The current figures we are handling right now
> refer to a modified build environment (i.e. sid + the special
> sources.list line from alioth).
I do not intend to change anything until these changes have
On Mon, Aug 24, 2015 at 10:25:01PM +0200, Niels Thykier wrote:
> In your opinion, how much of the archive should be fixed before one can
> start bumping the severity?
I don't know, but I think we should have better statistics before
deciding about that.
Quoting Holger: "This is a lie" (pointing t
Santiago Vila wrote...
> Making a great percentage of packages in the archive to be "suddenly"
> buggy is unacceptable.
Nobody would consider making failing r12y "serious" at the current
state where 13 to 17 percent of the packages fail, depending on how
you read the numbers.
> We all want Debia
❦ 24 août 2015 22:30 +0100, Colin Tuckley :
>> We have pushed other archive-wide goals that were not shared by
>> all upstreams. For example, we have enabled hardening build flags
>> on almost all packages and for packages that don't obey to the
>> appropriate flags, bugs with severity "importan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 24/08/15 22:02, Vincent Bernat wrote:
> We have pushed other archive-wide goals that were not shared by
> all upstreams. For example, we have enabled hardening build flags
> on almost all packages and for packages that don't obey to the
> appropr
Niels Thykier writes:
> On 2015-08-24 21:24, Santiago Vila wrote:
>> We all want Debian to build reproducibly, but goals are achieved by
>> submitting bugs, changing packages and making uploads, not by rising
>> severities.
> I agree in general that people should make an effort to improve the
>
On 24/08/15 21:42, Niels Thykier wrote:
> Are you aware that 37 out of 40 of your packages can currently be build
> reproducible in unstable using the patched toolchain (e.g. dpkg and
> debhelper). This (I presume) is without you having done anything to
> make them explicitly reproducible.
Actua
❦ 24 août 2015 21:12 +0100, Colin Tuckley :
>> Well, I object strongly.
>
> Same here, in my view reproducibility is a 'nice to have' it should
> *never* be forced on a package.
>
> We are in the business of packaging upstream software for
> distribution. We should not make arbitrary changes to
Hi,
On 2015-08-24 22:06, Matthias Klose wrote:
> [...] So what about identifying categories which should be fixed in any
> case, and maybe which should have special rules for accelerated NMUs and such?
Personally, I find that proposal quite interesting.
> Categories would include:
>
> - runnin
Hi,
On 2015-08-24 22:12, Colin Tuckley wrote:
> [...]
> Same here, in my view reproducibility is a 'nice to have' it should
> *never* be forced on a package.
>
> We are in the business of packaging upstream software for
> distribution. We should not make arbitrary changes to upstream
> software
On 2015-08-24 21:24, Santiago Vila wrote:
> [...]
>
Hi Santiago,
> Making a great percentage of packages in the archive to be "suddenly"
> buggy is unacceptable.
>
I can see where you are coming from. I have to admit that I am
personally not too concerned with the severity change. Given it i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 24/08/15 20:24, Santiago Vila wrote:
> Well, I object strongly.
Same here, in my view reproducibility is a 'nice to have' it should
*never* be forced on a package.
We are in the business of packaging upstream software for
distribution. We shoul
On 08/23/2015 12:48 PM, Chris Lamb wrote:
> Hi -devel,
>
> The reproducible-builds team are currently contributing patches with
> "wishlist" severity.
>
> This is because it is not currently possible to build reproducible
> packages within sid itself - we maintain a separate repository whilst
> o
On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
> The reproducible-builds team are currently contributing patches with
> "wishlist" severity.
>
> This is because it is not currently possible to build reproducible
> packages within sid itself - we maintain a separate repository whilst
>
On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
> Hi -devel,
>
> The reproducible-builds team are currently contributing patches with
> "wishlist" severity.
>
> This is because it is not currently possible to build reproducible
> packages within sid itself - we maintain a separate rep
Hi.
Chris Lamb writes:
> Hi -devel,
>
> The reproducible-builds team are currently contributing patches with
> "wishlist" severity.
>
> This is because it is not currently possible to build reproducible
> packages within sid itself - we maintain a separate repository whilst
> our changes to the
Hi -devel,
The reproducible-builds team are currently contributing patches with
"wishlist" severity.
This is because it is not currently possible to build reproducible
packages within sid itself - we maintain a separate repository whilst
our changes to the toolchain are pending review and consult
29 matches
Mail list logo