Buildinfo in the Debian archive, updates
Holger Levsen
holger at layer-acht.org
Tue Dec 6 21:24:20 UTC 2016
Hi,
On Mon, Nov 14, 2016 at 02:57:00PM +0000, Ximin Luo wrote:
> This email is a summary of some discussions that happened after the last post
> to bug #763822, plus some more of my own thoughts and reasoning on the topic.
I think that given our last mail on this bug was >4 weeks ago, it's
mostly important we reply to the bug at all now…
> I think having the Debian FTP archive distribute unsigned buildinfo files is an
> OK intermediate solution, with a few tweaks:
>
> 1. the hashes of the *signed* buildinfo files must be referred-to for each
> binary package, in Packages.gz
I actually think thats too much to ask for right now. we should
*propose* this now as a 2nd step, but right now the first step should be
that those .buildinfo files are stored *at all*, for later consumption.
we "loose" .buildinfo files each day currently…
[lots of interesing and useful stuff deleted.]
Thinking again, I think we should not outline stuff for the 2nd step
right now, just the very 1st, which is saving the files at all,
somewhere on the local disk (of ftp-master.d.o).
--
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20161206/8370833a/attachment.sig>
More information about the Reproducible-builds
mailing list