Hi, Vagrant Cascadian <vagr...@reproducible-builds.org> skribis:
> On 2022-07-11, Vagrant Cascadian wrote: >> I hear Efraim say better to have unique randomness and no substitutes, >> and I hear Tobias say more or less it's ok as long as upstream is right >> about it being ok to embed a specific prime as other random numbers get >> mixed in at runtime... > > Well, now that I hit send already, I guess another option is ... to have > both? > > One package without patches that is not substitutable and not > reproducible, and one with patches that is verifyably reproducible and > substitutable? Honestly, I don’t think it’s worth bothering about the non-substitutable trick. In practice, maradns should be able to rely on /dev/urandom at run time, right? Ludo’.
