control: severity -1 normal thanks Hi Simon,
thanks for filing this bug report. I agree, reliable behavior is
desirable, hence raising the severity.
On Mon, Jun 02, 2025 at 01:54:33PM +0100, Simon McVittie wrote:
> I think it would be better for system reproducibility if either
> devscripts had a Depends on some-concrete-package | sopv | gpgv, or
> devscripts had a Depends on default-sopv | sopv | gpgv, where
> default-sopv is either a metapackage that Depends on a recommended sopv
> implementation (like default-jdk), or a virtual package that is provided
> by exactly one binary package per architecture (like
> default-mta and default-logind). The approach where each virtual package
> FOO has an accompanying virtual package default-FOO with at most one
> implementation seems to be a popular one in recently-implemented
> alternatives sets, and it doesn't require trips through NEW.
I'm not sure I want to introduce a new virtual package at this stage
of the release. I'd rather change the depends from the current
"sopv | gpgv" to
"sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv"
taken from dpkg-dev.
More feedback definitly much welcome.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
“The party told you to reject the evidence of your eyes and ears. It was their
final, most essential command.” -Orwell, 1984
signature.asc
Description: PGP signature

