Hi all, Just following up on this thread. As it's been a while, here's the thread index:
https://lists.debian.org/debian-security/2017/01/threads.html#00014 ... but AIUI, the issue is as follows. Naturally, let me know if this a poor or inaccurate summary: * binNMUs do not bump debian/changelog. * This causes mtimes to to not be bumped in the (actually modified!) package. * Backup programs (eg. rsync) will therefore not believe a binary has changed and thus will be skipped over. * A binary restored from such a backup may not execute correctly. * Asking users to change anything at all is always problematic, but to ask them to switch to using (for example) --checksum with its non-trivial performance penalty is a very difficult ask indeed. Some backup programs may not even support such a mode anyway… My questions are as follows: a) Has anything changed in the meantime? b) Will this affect stretch? If so, what do we need to do now? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- _______________________________________________ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
