On Mon, Feb 25, 2019 at 05:11:54PM -0500, Ted Unangst wrote: > Marc Espie wrote: > > On Mon, Feb 25, 2019 at 03:02:42PM -0500, Ted Unangst wrote: > > > Andre Stoebe wrote: > > > > Hi, > > > > > > > > I, too, would like to have a way of signing the gzip archive in a > > > > reproducible way, so here's a diff that uses -n, similar to gzip(1). > > > > > > > > However, if that's a bad idea, I'm fine with continuing to use an > > > > unsigned gzip archive and creating a sigfile with signify. > > > > > > Let me think on this for a bit. Seems reasonable, though. > > > > If you want something simpler, just set the date from outside through an > > env variable, so you'll have a reproducible date line for when you > > absolutely > > need it. > > Like TZ? I don't think there's a way to change the time that way. Is there?
No, but instead of an extra option, a specific env variable ? might make more sense... or less. I don't know. I'm surprised this surfaced again, as the subject was broached a few months ago and dismissed, because yep, we do want the timestamp to mean something for pkg_add. Especially relating to our keys having a shelf life.
