Dne Pá 11. prosince 2015 10:43:51, Adam Spiers napsal(a):
Is anyone working on (or thinking of working on) making our build process reproducible?
It seems Debian and Fedora are already part of the project, and the advantages are quite compelling, not just from a security perspective, but also due to the potential savings in storage and network consumption:
Even if we are not directly involved in this we actually mandate our packages to always generate the same output and bugs reported against this are always treated properly...
The hackweek I see is more about reducing the rebuilds that get tossed away.
Ie. we now rebuild libreoffice with each update of tumbleweed (because it is beast) and we rarely "update" it simply it is rebuilt, verified it is the same and the new packages are thrown away.
Sortly put: report bugs where the package does not generate same stuff every time and it will be fixed for stuff maintained internaly and should be fixed for community based stuff.