Web lists-archives.com

jn/reproducible-build, was Re: What's cooking in git.git (Nov 2017, #08; Tue, 28)




Hi Junio & Jonathan (Nieder, there is another active Jonathan again),

On Wed, 29 Nov 2017, Junio C Hamano wrote:

> * jn/reproducible-build (2017-11-22) 3 commits
>   (merged to 'next' on 2017-11-27 at 6ae6946f8c)
>  + Merge branch 'jn/reproducible-build' of ../git-gui into jn/reproducible-build
>  + git-gui: sort entries in optimized tclIndex
>  + generate-cmdlist: avoid non-deterministic output
> 
>  The build procedure has been taught to avoid some unnecessary
>  instability in the build products.

I like this, from a purely security-informed point of view. Maybe there
would be a way to integrate this with the Continuous Testing we do? Like,
letting Travis verify that the binaries built from a certain Debian
package are really identical to the binaries built from the corresponding
commit? But I guess Travis is the wrong vehicle for this, as Travis needs
a *commit* to be pushed, not a new package to be made available via apt...

Ciao,
Dscho