On Fri, Aug 11, 2017 at 08:35:47PM -0700, Russ Allbery wrote: > Daniel Kahn Gillmor <d...@fifthhorseman.net> writes: > > I don't like the idea of hard-coding a fixed build path requirement into > > debian policy.
I don't *like* it neither but I think it's the sensible thing to do now.
> > We're over 80% with variable build paths in unstable
> > already, and i want to keep the pressure up on this. The build location
> > should not influence the binary output.
I'd like to keep the pressure on this but and I think we can still that
while OTOH also trying to get closer to 100% first+too.
With build path variation reaching the worthwhile goal of having >98%
reproducible
builds will be delayed by 1-2 years at least, so this is a classic "perfect is
the
enemy of good". I don't do reproducible builds for purely academic reasons,
I foremost want them to increase the security of user systems.
> It shouldn't, but my understanding is that it currently does. If you can
> fix that, that's great, but until that's been fixed, I don't see the harm
> in documenting this as a prerequisite for a reproducible build. If we can
> relax that prerequisite later, great, but nothing about listing it here
> should reduce the pressure on making variable build paths work. It just
> documents the current state of the world.
exactly.
--
cheers,
Holger
signature.asc
Description: Digital signature
