[Rpm-ecosystem] Reproducible Builds

Nicolas Vigier boklm at mars-attacks.org
Fri Mar 4 19:42:06 UTC 2016

On Fri, 04 Mar 2016, Neal Gompa wrote:

> This is not true when you have some packages with the NoSource attribute set.
> With NoSource set for some Sources, they don't get packed into the
> Source RPM, meaning we need something to verify them again and again.

There are still many ways to verify them. You could check the sha256sum
in the %prep section, in a script you run before rpmbuild, or some other
ways depending on how you plan to distribute the source files ...

Anyway, this is a different topic than reproducible builds.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-ecosystem/attachments/20160304/5175171b/attachment.asc>

More information about the Rpm-ecosystem mailing list