"IOhannes m zmölnig (Debian GNU|Linux)" <umlae...@debian.org> writes:
> On 1/16/24 13:56, Jérémy Lal wrote: >>> >>> As Built-Using is for license compliance only, no? >>> >>> See >>> >>> https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-source-packages-used-to-build-the-binary-built-using >> Indeed, thanks for the link. >> > > it seems that many people think that "Built-Using" can be used to > express static linking (including yours truly, even though i *know* > that it is meant for license compliance only). > > which makes me wonder: probably we should have an additional field > that expresses such static linking (and therefore would trigger a > rebuild when the dependency changes). > or we could finally accept that many¹ people would just use > "Built-Using" for this anyhow, and explicitly allow such use. Would that be better or worse than making *.buildinfo files more generally available and required? Buildinfo files appears to have some traction already, and it seems like they could help address the same problem. Unfortunately *.buildinfo still seems hard to access reliably and their integrity aren't protected by the archive-wide InRelease signature, if I understand correctly. /Simon
signature.asc
Description: PGP signature
