[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnu-prog-discuss] Automake dist reproducibility

From: Bob Friesenhahn
Subject: Re: [gnu-prog-discuss] Automake dist reproducibility
Date: Tue, 22 Dec 2015 15:51:38 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)

On Tue, 22 Dec 2015, Pádraig Brady wrote:

On 22/12/15 17:00, Mike Gerwitz wrote:
There is ongoing discussion about reproducible builds within GNU.  I'm
having trouble figuring out the best approach for deterministic
distribution archives using Automake.

I've not thought much about this, but I'm
wondering about how useful deterministic tarballs are?

The main thrust of reproducible builds is to verify what's
running on the system, and there are so many variables
between the tarball and build, that I'm not sure it's
worth worrying about non determinism in the intermediate steps?

Perhaps the main focus for tarballs should just to
ensure they're properly signed.

I would agree that it is the extracted binary contents of the tarballs (ignoring artifacts like file timestamps and user ids) which counts. Attempting to get archiving tools to produce the same results at different times on different machines is close to impossible.

Bob Friesenhahn
GraphicsMagick Maintainer,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]