[Rpm-ecosystem] Reproducible Builds
boklm at mars-attacks.org
Fri Mar 4 19:42:06 UTC 2016
On Fri, 04 Mar 2016, Neal Gompa wrote:
> This is not true when you have some packages with the NoSource attribute set.
> With NoSource set for some Sources, they don't get packed into the
> Source RPM, meaning we need something to verify them again and again.
There are still many ways to verify them. You could check the sha256sum
in the %prep section, in a script you run before rpmbuild, or some other
ways depending on how you plan to distribute the source files ...
Anyway, this is a different topic than reproducible builds.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the Rpm-ecosystem