On Wed, Jul 15, 2020 at 02:37:26AM +0000, Paul Wise wrote: > On Tue, Jul 14, 2020 at 4:06 PM Thomas Goirand wrote: > > Better: we must mandate binary uploads, rebuild them, and make sure they > > are reproducible. Then get the buildd upload the binary they build (or > > the one from the uploader, since that's the same thing...). > > > > When the package isn't reproducible: reject the package and provide a > > link to diffoscope. :) > That would be nice, but I wonder if build-dep version skew will make > it infeasible.
debrebuild from src:devscripts can create an sbuild commandline to install
exactly the build depends which were installed in the build which is about
to be rebuild, using the data from the .buildinfo file.
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
