Philipp Kern asked about trying to do reproducible builds checks for
recent security updates to try to gain confidence about Debian's buildd
infrastructure, given that they run builds in sid chroots which may have
used or built or run a vulnerable xz-utils...
So far, I have not found any reproduci
On 2024-03-30, Salvatore Bonaccorso wrote:
> On Fri, Mar 29, 2024 at 07:38:35PM -0700, Vagrant Cascadian wrote:
>> Philipp Kern asked about trying to do reproducible builds checks for
>> recent security updates to try to gain confidence about Debian's buildd
>> infrastru
On 2024-03-30, Vagrant Cascadian wrote:
> On 2024-03-30, Salvatore Bonaccorso wrote:
>> On Fri, Mar 29, 2024 at 07:38:35PM -0700, Vagrant Cascadian wrote:
>>> Philipp Kern asked about trying to do reproducible builds checks for
>>> recent security updates to try to gai
On 2024-03-29, Vagrant Cascadian wrote:
> So far, I have not found any reproducibility issues; everything I tested
> I was able to get to build bit-for-bit identical with what is in the
> Debian archive.
>
> I only tested bookworm security updates (not bullseye)
...
> Not yet
