[Pkg-javascript-devel] Bug#817979: modernizr: input order is not deterministic

Sascha Steinbiss satta at debian.org
Mon Jul 25 16:11:10 UTC 2016


Hi Petter,

On 22/07/2016 21:29, Petter Reinholdtsen wrote:
> [Sascha Steinbiss]
>> I have noticed that your package libjs-modernizr does not build
>> reproducibly from the modernizr source package because of
>> nondeterministic input order given by shell globbing.
>> See https://reproducible-builds.org/docs/stable-inputs/ for more
>> information.
>>
>> I have attached a patch that makes the build reproducible for me.
> 
> Thank you very much.  I hope the package maintainer fixes this issue soon,
> as the package is used by FreedomBox, and we would really like all the
> packages used by FreedomBox reproducible, for security reasons. :)

Indeed, I would agree :)
If there's no reply after some time, do you think an NMU would be
justified for reproducibility only?

Cheers
Sascha

