control: severity -1 normal
thanks

Hi Simon,

thanks for filing this bug report. I agree, reliable behavior is
desirable, hence raising the severity.

On Mon, Jun 02, 2025 at 01:54:33PM +0100, Simon McVittie wrote:
> I think it would be better for system reproducibility if either 
> devscripts had a Depends on some-concrete-package | sopv | gpgv, or 
> devscripts had a Depends on default-sopv | sopv | gpgv, where 
> default-sopv is either a metapackage that Depends on a recommended sopv 
> implementation (like default-jdk), or a virtual package that is provided 
> by exactly one binary package per architecture (like 
> default-mta and default-logind). The approach where each virtual package 
> FOO has an accompanying virtual package default-FOO with at most one 
> implementation seems to be a popular one in recently-implemented 
> alternatives sets, and it doesn't require trips through NEW.

I'm not sure I want to introduce a new virtual package at this stage
of the release. I'd rather change the depends from the current
"sopv | gpgv" to
"sqv | sqopv | rsopv | sopv | gosop | pgpainless-cli | gpgv-sq | gpgv"
taken from dpkg-dev.

More feedback definitly much welcome.


-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

“The party told you to reject the evidence of your eyes and ears. It was their
final, most essential command.” -Orwell, 1984

Attachment: signature.asc
Description: PGP signature

Reply via email to