On Tue, Jul 14, 2020 at 4:06 PM Thomas Goirand wrote: > Better: we must mandate binary uploads, rebuild them, and make sure they > are reproducible. Then get the buildd upload the binary they build (or > the one from the uploader, since that's the same thing...). > > When the package isn't reproducible: reject the package and provide a > link to diffoscope. :)
That would be nice, but I wonder if build-dep version skew will make it infeasible. -- bye, pabs https://wiki.debian.org/PaulWise
