Hi,
Alexander Sosedkin <asosedkin(a)redhat.com> wrote:
In RPM world, I've even entertained an idea of having a
subpackage for
auditability not unlike how we have debuginfo, since rebuilding a package
reproducibly requires builddep pinning. But if that's avoidable, I’d
rather just not mix artifacts with meta.
Debian is working on this already, they call those “buildinfo” files:
https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles
https://manpages.debian.org/testing/dpkg-dev/deb-buildinfo.5.en.html
If we want something similar, I’d propose not to completely re-invent the
wheel.
HTH,
Clemens