Sean Whitton: > [..] > > Here is an updated patch addressing these. I reworded it to use > 'recommended' and changed the tone to better suit policy. > > Thank you Ximin, Russ and Johannes! > >> "precisification" -> "more precise version" > > Our definition is not actually a /version/ of the > reproducible-builds.org definition -- that would imply that our > definition could replace the reproducible-builds.org definition, like > upgrading a package. > > 'precisification' means roughly "filling out the missing specification > when it is appropriate to fill it out", which is what the r-p.org > definition instructs distributors to do. > > diff --git a/policy/ch-source.rst b/policy/ch-source.rst > index 127b125..6e32870 100644 > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst 
> @@ -661,6 +661,28 @@ particularly complex or unintuitive source layout or > build system (for > example, a package that builds the same source multiple times to > generate different binary packages). > > +Reproducibility > +--------------- > + > +Packages should build reproducibly, which for the purposes of this > +document [#]_ means that given > + > +- a version of a source package unpacked at a given path; > +- a set of versions of installed build dependencies; > +- a set of environment variable values; > +- a build architecture; and > +- a host architecture, > + > +repeatedly building the source package for the build architecture on > +any machine of the host architecture with those versions of the build > +dependencies installed and exactly those environment variable values > +set will produce bit-for-bit identical binary packages. > + > +It is recommended that packages produce bit-for-bit identical binaries > +even if most environment variables and build paths are varied. It is > +intended for this stricter standard to replace the above when it is > +easier for packages to meet it. > + > .. [#] > See the file ``upgrading-checklist`` for information about policy > which has changed between different versions of this document. > @@ -790,3 +812,7 @@ generate different binary packages). > often creates either static linking or shared library conflicts, and, > most importantly, increases the difficulty of handling security > vulnerabilities in the duplicated code. > + > +.. [#] > + This is Debian's precisification of the `reproducible-builds.org > + definition <https://reproducible-builds.org/docs/definition/>`_. > >
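Review bot: In the new Reproducibility section, the list of fixed inputs pins "a set of versions of installed build dependencies" but not the rest of the installed package set, so two builds could satisfy every listed input and still differ when the build system detects an optional tool that happens to be present on one machine (a configure-time check, for instance); consider "the set of installed packages, including the build dependencies" or "with exactly those packages installed" in the matching sentence "with those versions of the build dependencies installed". Separately, the `[#]_` reference added after "this document" now sits before the pre-existing `.. [#]` definition for ``upgrading-checklist``; docutils matches unlabeled `[#]_` references to unlabeled `.. [#]` definitions by order of appearance, so it is worth confirming in the rendered page that the upgrading-checklist text still lands on its original reference and that this one resolves to the new reproducible-builds footnote.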
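Review bot: Since "precisification" was already questioned in review and is defended only in the cover mail, the footnote in the second hunk should say on the page what is being made precise, e.g. "This is Debian's precisification of the reproducible-builds.org definition: it fixes the set of build inputs that must be held constant."; otherwise a reader of the rendered policy has no way to recover the distinction between a more precise version and a filled-out specification that this thread draws.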
Thanks! Seconded.

X

--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git