On 2024-09-26 01:35:45 [+0200], Fay Stegerman wrote: > For example, ZIP files or Android APKs built on a Debian system will have a > different compressed stream, like the test files you mention. Which will > likely > break Reproducible Builds tooling like apksigcopier [1] and > reproducible-apk-tools [2].
wouldn't it work to compare the decompressed stream? Is an identical ZIP file a requirement? > There might also be issues with reproducibility of Debian packages themselves > if > e.g. zlib-ng output can differ on different hardware (e.g. number of cores) > even > with an otherwise identical build environment. At the very least I think it > would be good to know how all this could be affected (and how likely things > are > to remain as stable as zlib has been so far) before making a decision to > switch. I don't know at this time. Maybe we could throw it into exp first and evaluate the situtation. > - Fay Sebastian
