Re: Publish PGP signed tarball without generated content?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2024/04/18 09:51, Corinna Vinschen wrote:
> On Apr 18 08:50, Simon Josefsson wrote:
> > Damien Miller <djm@xxxxxxxxxxx> writes:
> > 
> > > I think we're going to check in the autoconf-generated files on the
> > > release branches instead.
> > 
> > Ok that may also achieve the same goal of reproducible release tarballs
> > built from source code.
> > 
> > With that approach, the tarball depends on which autoconf version was
> > used by the release manager, and perhaps other things from the
> > environment.
> > 
> > Could you document how to re-generate the release tarball including
> > mentioning which autoconf version that you used?
> 
> The autoconf version used to generate the files is always put in the
> headers of the generated files.

What is ostensibly the same autoconf version can sometimes generate
different output, as some OS packages include patches to autoconf.
This is usually pretty obvious in a diff though.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux