Calling autoconf in a spec.
Kevin Kofler
kevin.kofler at chello.at
Mon Jul 4 06:36:20 UTC 2011
Sam Varshavchik wrote:
> Well, to me it makes much more sense to simply eliminate the uncertainty
> from the process. If I take the tarball that I'm going to build today, if
> I have to rebuild it next year, of a few years from -- the tarball will
> remain the same. It's not going to change. Similarly, if I apply a patch
> to some file in the tarball, if the patch file also is the same next year
> as it is today, then I have a pretty good level of confidence that the end
> result will be the same today, as it will be next year, or even a few
> years from now. In fact, I'm pretty damn sure it will be, and if I'm
> audited, I will be able to prove it.
>
> Unfortunately, if my build process involves running whatever version of
> autotools happens to be present somewhere in the filesystem, then I can't
> be 100% sure that the results next year will be exactly, identically the
> same as the results that I'm going to get today. I will not guarantee that
> the results will be the same. You can assert as much as you want, with as
> much confidence as you want, that this is the right way to do, from some
> philosophical viewpoint, but you will not be able to prove to me that you
> will always get the same results.
>
> So, if my goal is to always get the same end results, then I simply cannot
> do that.
If you want to always get the exact same results, you cannot build from
source at all, only ship canned binaries (which would be against Fedora
policies, for good reasons). GCC changes, Binutils change etc. You just
don't get the exact same binary again.
Kevin Kofler
More information about the devel
mailing list