[Rpm-ecosystem] Reproducible Builds

Neal Gompa ngompa13 at gmail.com
Tue Mar 1 19:20:24 UTC 2016


On Tue, Mar 1, 2016 at 11:27 AM, Miroslav Suchy <msuchy at redhat.com> wrote:
> Dne 1.3.2016 v 17:18 Neal Gompa napsal(a):
> Isn't this equivalent of dist-git? Sans the signature. But if you do
> signed tag in dist-git then you will have all the information as Debian
> has in dsc file.

That's true, but what about the case where people don't have a
dist-git? There are definitely environments where people are using
CVS, SVN, or even nothing at all. I know for at least a few
distributions that are not built using an SCM.

Also, since we can use tools like spectool to retrieve sources/patches
that have URLs, having tags in the spec with checksum information
means that those tools can use that information to check the
sources/patches.



-- 
真実はいつも一つ!/ Always, there's only one truth!


More information about the Rpm-ecosystem mailing list