RPM Community Forums

Mailing List Message of <rpm-devel>

Mandatory/enforcing checks for "reproducible builds"

From: R P Herrold <herrold@owlriver.com>
Date: Sun 28 Sep 2008 - 22:10:12 CEST
Message-ID: <alpine.LRH.2.00.0809281606360.10039@arj.bjyevire.pbz> 
On Sun, 28 Sep 2008, Jeff Johnson wrote:

> There are two big lies with rpm packaging methodolgy.
>
> (aside) The other lie is that rpm install transactions are 
> atomic iff there are no packaging flaws or install host 
> failures.
>
> But this lie is "reproducible builds", which is true wrto 
> rpmbuild iff the build host is set up (including 
> configuration) equivalently/identically.

  ...

> I'll work up a proof-of-concept example over the next couple of months ...
>
> Opinions?

The saying is:
     If you are not the lead dog, the view never changes.

Looking at:
     https://www.redhat.com/archives/rpm-list/2003-January/msg00136.html

I am pretty sure we have been on this Iditarod before. 
Infinite looping, anyone?  ;)

-- Russ herrold
Received on Sun Sep 28 22:40:10 2008
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.