Re: Enabling the WITH_REPRODUCIBLE_BUILD knob for 12.0-REL

From: tech-lists <tech-lists_at_zyxst.net>
Date: Thu, 27 Sep 2018 11:46:00 +0100
On 11/09/2018 20:35, Ed Maste wrote:
> On 11 September 2018 at 07:35, Tomoaki AOKI <junchoon_at_dec.sakura.ne.jp> wrote:
>> I prefer releng, rather than stable, to make it default.
>> Binary releases requiring reproducible builds are built from
>> release and releng branches.
> 
> This might be the reasonable long-term strategy, but we don't yet have
> experience running through the release process with it enabled. I
> would like to enable it by default on the branch, at least initially,
> to avoid discovering issues only immediately prior to the release.

Hi,

Personally I think this should (after testing on -current) be enabled 
only where binary-only updates (for everything) are anticipated. Then 
again, I don't run a binary-only system despite having to manage more 
than 16 systems. One reason is the hardware is all different, so 
different things are enabled in the kernel. The other reason is that I 
can reduce a machines security overhead if only what is required is 
available. This all requires source builds. So, I want to know where and 
when each system was compiled. Why lose this information by default?

thanks,
-- 
J.
Received on Thu Sep 27 2018 - 08:46:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:18 UTC