|
On Aug 10, 2007, at 10:34 PM, Stanley, Jon wrote:
Thanks Bob. I was going to send a similar mail to the list.
The one thing that you didn't mention (but alluded to) that I will
explicitly is that one of the paramount principles of packaging in RPM is
that of reproducible builds - anyone that you give the SRPM to should be
capable of producing an identical binary RPM. When you introdice dynamic
sources such as svn, CVS, git, etc., that becomes impossible, and thus
defeats the design principles of
RPM.
Heh: ""dynamic". Install a compiler with bugs (or even differently
evolved behavior),
and you will get dynamically "reproducible" builds every time.
In my experience checking out to a tag on a repository is far less
"dynamic" than setting up a build system.
YMMV, everyone's does.
Yeah, the whole deal is far less reproducible than one might like, but
that's life.
Even on "the same" distro/version we have variances due to toolchain
updates
being or not being installed; once you go outside
that not-quite-walled garden it
gets much wilder, with /etc/rpm configuarion, different choices in
configuring and
build of who knows how many explicit and implicit tools and dependencies,
etc.
Sometime it's surprising srpms work as well as they
do.
I guess I'm saying if people don't play foolish games (moving tags
around) with
their version-control repo, repo-vs-tarball is probably a pretty
small factor in the
reproducibility game. Nonetheless I do personally prefer having a
tarball available.
|