On Fri, Sep 01, 2017 at 06:34:38PM +0100, Ian Campbell wrote:
> On Fri, 2017-09-01 at 12:43 +0200, Helmut Grohne wrote:
> > Whatever point you were trying to make around NEW, your argument is not
> > very convincing. I think Holger is right here: Where the package is
> > built should not matter.
On Fri, 2017-09-01 at 12:43 +0200, Helmut Grohne wrote:
> Whatever point you were trying to make around NEW, your argument is not
> very convincing. I think Holger is right here: Where the package is
> built should not matter. Presence of .buildinfo and reproducibility
> does.
Appollogies if this
On Fri, Sep 01, 2017 at 11:07:17AM +0100, Simon McVittie wrote:
> The problem with maintainer-built binaries around NEW is that if they
> wait in the NEW queue for (let's say) 1 month, then by the time they
> reach the archive, they were built with a 1 month old toolchain and
> build-dependencies,
On Fri, Sep 01, 2017 at 09:43:54AM +, Holger Levsen wrote:
> On Fri, Sep 01, 2017 at 09:34:53AM +0300, Adrian Bunk wrote:
> > On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
> > >...
> > > However, based on an informal survey at DebConf (and to reflect the
> > > feeling towards
On Fri, 01 Sep 2017 at 09:40:25 +, Holger Levsen wrote:
> On Fri, Sep 01, 2017 at 09:26:44AM +0300, Adrian Bunk wrote:
> > AFAIK the only place where we currently still need binary packages that
> > have been built on a maintainer machine is for [...]
>
> the fun part is that once a package
On Fri, Sep 01, 2017 at 09:34:53AM +0300, Adrian Bunk wrote:
> On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
> >...
> > However, based on an informal survey at DebConf (and to reflect the
> > feeling towards software reproducibility in the free software community
> > in general)
On Fri, Sep 01, 2017 at 09:26:44AM +0300, Adrian Bunk wrote:
> AFAIK the only place where we currently still need binary packages that
> have been built on a maintainer machine is for [...]
the fun part is that once a package builds bit by bit identically, it doesnt
matter anymore where it's
Hi!
On Fri, 2017-09-01 at 09:26:44 +0300, Adrian Bunk wrote:
> AFAIK the only place where we currently still need binary packages that
> have been built on a maintainer machine is for NEW, and after someone
> has implemented a solution for that there is no blocker left for
> allowing only
On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
>...
> However, based on an informal survey at DebConf (and to reflect the
> feeling towards software reproducibility in the free software community
> in general) unless there are strong objections I intend to raise the
> severity of
On Mon, Aug 24, 2015 at 11:41:21PM +0200, Vincent Bernat wrote:
> ❦ 24 août 2015 22:30 +0100, Colin Tuckley :
>
> >> We have pushed other archive-wide goals that were not shared by
> >> all upstreams. For example, we have enabled hardening build flags
> >> on almost all
On Mon, Aug 24, 2015 at 10:30:45PM +0100, Colin Tuckley wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 24/08/15 22:02, Vincent Bernat wrote:
We have pushed other archive-wide goals that were not shared by
all upstreams. For example, we have enabled hardening build flags
on
Hi.
Chris Lamb la...@debian.org writes:
Hi -devel,
The reproducible-builds team are currently contributing patches with
wishlist severity.
This is because it is not currently possible to build reproducible
packages within sid itself - we maintain a separate repository whilst
our changes
On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
The reproducible-builds team are currently contributing patches with
wishlist severity.
This is because it is not currently possible to build reproducible
packages within sid itself - we maintain a separate repository whilst
our
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 24/08/15 20:24, Santiago Vila wrote:
Well, I object strongly.
Same here, in my view reproducibility is a 'nice to have' it should
*never* be forced on a package.
We are in the business of packaging upstream software for
distribution. We
❦ 24 août 2015 21:12 +0100, Colin Tuckley col...@debian.org :
Well, I object strongly.
Same here, in my view reproducibility is a 'nice to have' it should
*never* be forced on a package.
We are in the business of packaging upstream software for
distribution. We should not make arbitrary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 24/08/15 22:02, Vincent Bernat wrote:
We have pushed other archive-wide goals that were not shared by
all upstreams. For example, we have enabled hardening build flags
on almost all packages and for packages that don't obey to the
On 2015-08-24 21:24, Santiago Vila wrote:
[...]
Hi Santiago,
Making a great percentage of packages in the archive to be suddenly
buggy is unacceptable.
I can see where you are coming from. I have to admit that I am
personally not too concerned with the severity change. Given it is not
Niels Thykier ni...@thykier.net writes:
On 2015-08-24 21:24, Santiago Vila wrote:
We all want Debian to build reproducibly, but goals are achieved by
submitting bugs, changing packages and making uploads, not by rising
severities.
I agree in general that people should make an effort to
On Sun, Aug 23, 2015 at 12:48:50PM +0200, Chris Lamb wrote:
Hi -devel,
The reproducible-builds team are currently contributing patches with
wishlist severity.
This is because it is not currently possible to build reproducible
packages within sid itself - we maintain a separate repository
On 08/23/2015 12:48 PM, Chris Lamb wrote:
Hi -devel,
The reproducible-builds team are currently contributing patches with
wishlist severity.
This is because it is not currently possible to build reproducible
packages within sid itself - we maintain a separate repository whilst
our
On 24/08/15 21:42, Niels Thykier wrote:
Are you aware that 37 out of 40 of your packages can currently be build
reproducible in unstable using the patched toolchain (e.g. dpkg and
debhelper). This (I presume) is without you having done anything to
make them explicitly reproducible.
❦ 24 août 2015 22:30 +0100, Colin Tuckley col...@debian.org :
We have pushed other archive-wide goals that were not shared by
all upstreams. For example, we have enabled hardening build flags
on almost all packages and for packages that don't obey to the
appropriate flags, bugs with severity
Hi,
On 2015-08-24 22:12, Colin Tuckley wrote:
[...]
Same here, in my view reproducibility is a 'nice to have' it should
*never* be forced on a package.
We are in the business of packaging upstream software for
distribution. We should not make arbitrary changes to upstream
software, such
Hi,
On 2015-08-24 22:06, Matthias Klose wrote:
[...] So what about identifying categories which should be fixed in any
case, and maybe which should have special rules for accelerated NMUs and such?
Personally, I find that proposal quite interesting.
Categories would include:
- running
Santiago Vila wrote...
Making a great percentage of packages in the archive to be suddenly
buggy is unacceptable.
Nobody would consider making failing r12y serious at the current
state where 13 to 17 percent of the packages fail, depending on how
you read the numbers.
We all want Debian to
Quoting Holger: This is a lie (pointing to a graph that was being
shown on the screen). The current figures we are handling right now
refer to a modified build environment (i.e. sid + the special
sources.list line from alioth).
I do not intend to change anything until these changes have
On Mon, Aug 24, 2015 at 10:25:01PM +0200, Niels Thykier wrote:
In your opinion, how much of the archive should be fixed before one can
start bumping the severity?
I don't know, but I think we should have better statistics before
deciding about that.
Quoting Holger: This is a lie (pointing to a
On Mon, Aug 24, 2015 at 10:25:01PM +0200, Niels Thykier wrote:
It is really so much difficult to make this in stages?
For example:
Stage 1. Make it a policy *recommendation*, with normal severity.
Stage 2. Make it a policy should, with important severity.
Stage 3. Make it a release
Hi -devel,
The reproducible-builds team are currently contributing patches with
wishlist severity.
This is because it is not currently possible to build reproducible
packages within sid itself - we maintain a separate repository whilst
our changes to the toolchain are pending review and
29 matches
Mail list logo