[Rpm-ecosystem] Reproducible Builds
ngompa13 at gmail.com
Tue Mar 1 19:20:24 UTC 2016
On Tue, Mar 1, 2016 at 11:27 AM, Miroslav Suchy <msuchy at redhat.com> wrote:
> Dne 1.3.2016 v 17:18 Neal Gompa napsal(a):
> Isn't this equivalent of dist-git? Sans the signature. But if you do
> signed tag in dist-git then you will have all the information as Debian
> has in dsc file.
That's true, but what about the case where people don't have a
dist-git? There are definitely environments where people are using
CVS, SVN, or even nothing at all. I know for at least a few
distributions that are not built using an SCM.
Also, since we can use tools like spectool to retrieve sources/patches
that have URLs, having tags in the spec with checksum information
means that those tools can use that information to check the
真実はいつも一つ！/ Always, there's only one truth!
More information about the Rpm-ecosystem