Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=524332
--- Comment #8 from Michael Schwendt mschwendt@gmail.com 2009-09-29 05:07:54 EDT ---
I had a similar conversation on IRC and the outcome was that the timestamps are quite important for noarch packages.
How important is "quite important"? If there is somebody who spreads rumours like that, I'd prefer a public email in a more relevant and more appropriate place. IRC conversations are quite unimportant.
The current guideline on preserving timestamps (which is worded as a recommendation: "consider using") is based on two simple facts: 1) For files whose content doesn't change with rebuilds or upgrades of a package, with preserved mtime timestamps package end-users can easily recognise the age of files (which may be a hint about the age of the software, too) and also recognise old/out-of-date documentation. That's not something of importance, it can be plain helpful. 2) For files that don't change with rebuilds or upgrades of a package (in particular not in terms of a checksum change), we don't want such files to trigger a report of external system integrity checkers because of mtime changes. [During intrusion detection, for example, a changed mtime (even with an unchanged file checksum) means that someone/something has written to a file.]
And we're not talking about embedded timestamps here, which are part of a file's data and influence the file's checksum.