Sean Whitton <spwhit...@spwhitton.name> writes: > diff --git a/policy/ch-source.rst b/policy/ch-source.rst > index 127b125..cc4b020 100644 > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst > @@ -661,6 +661,22 @@ particularly complex or unintuitive source layout or > build system (for > example, a package that builds the same source multiple times to > generate different binary packages). > > +Reproducibility > +--------------- > + > +Packages should build reproducibly, which for the purposes of this > +document [#]_ means that given > + > +- a version of a source package unpacked at a given path; > +- a set of versions of installed build dependencies; > +- a set of environment variable values; and > +- a build architecture, > + > +repeatedly building the source package on any machine of the same > +architecture with those versions of the build dependencies installed > +and exactly those environment variable values set will produce > +bit-for-bit identical binary packages. > + > .. [#] > See the file ``upgrading-checklist`` for information about policy > which has changed between different versions of this document. > @@ -790,3 +806,7 @@ generate different binary packages). > often creates either static linking or shared library conflicts, and, > most importantly, increases the difficulty of handling security > vulnerabilities in the duplicated code. > + > +.. [#] > + This is Debian's precisification of the `reproducible-builds.org > + definition <https://reproducible-builds.org/docs/definition/>`_.
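Review bot: In the Reproducibility hunk of policy/ch-source.rst, the sentence starting "means that given" does not say whether the requirement holds for every choice of path, build-dependency versions, environment variable values and architecture, or only for one particular choice. Someone rebuilding to verify a binary package needs to know which reading applies, so I would suggest wording such as "for any given" or stating explicitly that the set is a specific one. The same paragraph fixes only "a build architecture" and says nothing about the host architecture, so cross builds are left open.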
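Review bot: In the footnote added at the end of policy/ch-source.rst, "precisification" is an uncommon word for a normative document; "This is Debian's more precise version of the reproducible-builds.org definition" would read more plainly. The new `[#]_` reference is auto-numbered and paired with this definition by position, so the footnote has to stay last in the file for as long as the Reproducibility reference is the last one in the body.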
Seconded. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>