On Fri, Nov 11, 2022 at 8:46 AM Clemens Lang <cllang(a)redhat.com> wrote:
Hi,
Alexander Sosedkin <asosedkin(a)redhat.com> wrote:
> In RPM world, I've even entertained an idea of having a subpackage for
> auditability not unlike how we have debuginfo, since rebuilding a package
> reproducibly requires builddep pinning. But if that's avoidable, I’d
> rather just not mix artifacts with meta.
Debian is working on this already, they call those “buildinfo” files:
https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles
https://manpages.debian.org/testing/dpkg-dev/deb-buildinfo.5.en.html
If we want something similar, I’d propose not to completely re-invent the
wheel.
We've discussed an RPM-specific format upstream. Debian and Arch both
have their own formats that are tailored to their package systems, and
RPM may have one too, eventually.
--
真実はいつも一つ!/ Always, there's only one truth!