Adrian Bunk <b...@debian.org> writes: > Future policy versions might change this definition, but whatever latest > policy states has to be the definition used by both packages and the > reproducible builds team.
> Another example is that a package that is reproducible according to the > policy definition must not show up as non-reproducible in tracker/DDPO > based on results from the reproducible infrastructure. This seems really inflexible and unnecessarily absolutist. I don't agree with taking this approach. The point of adding this definition to Policy is that we're setting a new minimum bar for packages in Debian to meet. We're giving official blessing to this requirement for Debian packages (at the normal bug level, not RC bug, for now), meaning this is a goal that the project is working towards and something every packager should think about at this level. This in absolutely no way constrains the reproducible build team from working on raising the bar in the future, just as the absence of this language from Policy did not prevent them from starting to work on this problem four years ago. They should continue to work on making package builds more reproducible and raising the bar for reproducibility as makes sense for their goals and judging the impact of that. Once any new requirements reach maturity and look feasible and have some project committment, we'll change Policy to set a new baseline for the whole project. But the reproducible builds work should not *wait* for that, and should definitely push forward and experiment just as they have up until now. I do think it might be worth considering distinguishing between packages that are minimally reproducible and packages that meet higher reproducibility bars (such as not caring about the location of the build tree) in reporting infrastructure like tracker. But I'm totally fine with surfacing failures on new, higher bars in places like tracker before we change Policy, just like we've been surfacing reproducibility failures before Policy said anything about it at all. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
