On Mon, 2004-09-06 at 05:09 -0700, Steve G wrote: > >> AFAIK, the distribution isn't "bootstrapped" (rebuilt entirely using itself > >> as the build host), > > I kind of determined this empirically. It doesn't build from itself, therefore, > Red Hat is not shipping binaries that is built from the actually shipping copy of > all the srpms. This is bad news for any group that needs the ability to rebuild a > distribution to prove they have the complete set of source and can re-create it > if they ever needed to; or prove there are no 3rd party add-ons/hacks. (There are > govt institutions that require this.) In the past, we ran rebuild tests regularly and fixed these sorts of things up until late in the cycle. Some of that infrastructure breaks from time to time, though. Filing bugs about "foo doesn't rebuild" are useful and then they should (hopefully) get fixed. > >> but instead assembled from packages built all along the development cycle, > >> rebuilt only for updates, bug fixes or to pick up new dependencies. > > I would have hoped that a "release" is built from itself so that *everything* > matches. There are programs that are statically linked to > glibc/dietlibc/slang/newt that may have bugs fixed in a subsequent release. If you do this, then you lose a lot of the benefit of any earlier testing. Although it'd be nice to believe that a rebuild with a newer compiler or whatnot won't change anything, the fact of the matter is that you may trip over new bugs in the build chain. Thus, if everything got rebuilt at the last minute, there'd be no way to sanely test and QA the distribution. Jeremy
