Re: binNMU or reproducible builds (choose only one)

Thu, 17 Sep 2015 13:26:46 -0700 

On 2015-09-17 22:02, Santiago Vila wrote:
> Hello.
> 

Hi,

> I see "serious" bug reports asking for packages to drop
> "dh_installdocs --link-doc" (see Bug #799316 for an example).
> 

To clarify (for those who haven't read the bug): I requested that
--link-doc between arch:any AND arch:all packages was removed.  I made
no requests to drop --link-doc between the two arch:any packages.

> However, binNMUs break the reproducibility of the packages being
> NMUed, since apparently the requirement of providing the *exact*
> source code that was used for the *.deb is "relaxed" for the packages
> being NMUed.
> 

The current implementation might not be reproducible-safe, and we should
probably patch.  However, I do not see why binNMUs contradicts
reproducible builds in general.

> I wonder: Instead of forbidding "dh_installdocs --link-doc", which I
> consider a useful feature that should not be dropped lightly, why
> don't we just do source-full NMUs that do not change anything?
> 

binNMUs are much more lightweight than source-full NMUs.  Notably:

 * They are not subject to the NMU policy which involves delays
   - These are certainly politics that could be changed, but ...

 * Scheduling a binNMU is a simple command that involves nothing from
   the person scheduling beyond running it.
   - Certainly the tool could be patched/replaced, but notably, you
     do not have to sign/upload things for this to work.

Again, not saying it could not be changed, but binNMUs are used fairly
often.  Having to download the source code, add a changelog entry and
sign the result would make any non-trivial transition a living hell.

To put this into perspective, the perl 5.22 transition involves ~570
packages.  We expect to be able to binNMU the vast majority of those -
that is a lot of time saved by binNMUing rather than having to download,
unpack, dch -r "", pack, sign and dput.

> [...]
> 
> Maybe I'm missing anything, but why do we *need* to break existing
> dh_installdocs practice?
> 
> Thanks.
> 

The use of dh_installdocs --link-doc between arch:any and arch:all has
up to now always been "broken" (read: binNMU unsafe).  If we were to
replace the binNMU implementation with something that ensured lock-step
versions between arch:all and arch:any packages, it could start work.

Thanks,
~Niels

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to