[CentOS-devel] FYI: centos reproducibility

Tue Apr 28 19:35:15 UTC 2009
James Olin Oden <james.oden at gmail.com>

On Tue, Apr 28, 2009 at 3:32 PM, Farkas Levente <lfarkas at lfarkas.org> wrote:
> Mike A. Harris wrote:
>> Les Mikesell wrote:
>>> James Antill wrote:
>>>>> just to mention a few problems with 5.3:
>>>>> - openjava was added to the distro so all packages which require
>>>>> java-devel now try to build with openjava instead of gcc's java and
>>>>> most of them fail.
>>>>> - new updates like dbus-glib, ifd-gate, pccs etc have incompatible devel
>>>>> packages eg. headers, but not all of the packages that require these new
>>>>> packages were rebuilt/fixed so those packages no longer build.
>>>>> - newer gcc, toolchain etc (which are included in later updates) have
>>>>> stronger checks and standard compliance but with these tools old and
>>>>> buggy code no longer compiles.
>>>>  This is useless churn to rebuild all the packages to fix these kinds of
>>>> build differences, why do you think RH's customers would want them to do
>>>> that?
>>> I thought _THE_ selling point of open source has always been that in
>>> case of problems the vendor can't/won't fix, you have the option to make
>>> the change yourself.  But if you can't rebuild their packages or even
>>> tell how the source relates to the shipped binary, that isn't true and
>>> shouldn't be represented as such.
>>
>> It sucks that the latest sources do not compile on the OS they were
>> originally built for, but the fact is that packages get built at a
>> certain point in time against what is in the tree at that time.
>>
>> Then packages continue to be updated to fix bugs, etc. and in some cases
>> maybe even add a new feature here or there.  All it takes is for one of
>> these updates to change something in such a manner that packages that
>> depend on this package will no longer compile.  It could be as simple as
>> a file being moved from one location to another, or some other innocent
>> innocuous change.
>>
>> The only way to prevent that sort of thing is to have a mandatory policy
>> that whenever _any_ package is rebuilt in the distribution, that the
>> entire distribution must be rebuilt in a tree with the absolute latest
>> packages present just to ensure that all packages still compile.
>
> no i don't think so. imho there are 2 stages:
> 1. rebuild every package which depends on or requires the new package; if
> all build without error allow in the new packages, otherwise don't allow
> until other compilation fails.
> 2. same as 1. but also include all new rebuilds in the updates which
> change, and here some smart diff is required eg. binary must be the same,
> some other files can differ eg. generated docs can have some 'small'
> differences.
>
> this requires a bit more build farm resource but produces a much better
> and stable distro.
Right and that's a business decision not a technical decision....james
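
The two-stage gate proposed in the quoted message above, sketched as an added example (not code from this thread or from the CentOS build system). It goes slightly beyond the proposal by following dependents transitively. The `pkg-*` names, the dependency table, the `rebuild` hook and the tolerated doc paths are all assumptions made for illustration.

```python
import fnmatch
import hashlib
from collections import deque

# Constructed sample: package -> build-time requirements (pkg-* names are hypothetical).
BUILD_REQUIRES = {"dbus-glib": [], "pkg-a": ["dbus-glib"], "pkg-b": ["pkg-a"], "pkg-c": []}

def reverse_dependents(build_requires, updated):
    """Packages whose build depends on `updated`, directly or transitively."""
    rdeps = {}
    for pkg, reqs in build_requires.items():
        for req in reqs:
            rdeps.setdefault(req, set()).add(pkg)
    seen, queue = set(), deque([updated])
    while queue:
        for dep in rdeps.get(queue.popleft(), ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return sorted(seen)

def manifest(files):
    """path -> SHA-256 digest for one build's payload (files: path -> bytes)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def smart_diff(old, new, tolerated=("/usr/share/doc/*", "/usr/share/man/*")):
    """Paths added, removed or changed, ignoring tolerated (generated-doc) paths."""
    changed = (p for p in old.keys() | new.keys() if old.get(p) != new.get(p))
    return sorted(p for p in changed
                  if not any(fnmatch.fnmatch(p, pat) for pat in tolerated))

def gate_update(build_requires, updated, rebuild, shipped):
    """Stage 1: collect dependents that fail to build (these block the update).
    Stage 2: collect dependents whose rebuilt payload differs outside docs."""
    failed, changed = [], {}
    for pkg in reverse_dependents(build_requires, updated):
        files = rebuild(pkg)  # hypothetical hook: payload dict, or None on build failure
        if files is None:
            failed.append(pkg)
            continue
        drift = smart_diff(shipped[pkg], manifest(files))
        if drift:
            changed[pkg] = drift
    return failed, changed
```

An empty `failed` list means stage 1 passes; the `changed` mapping lists the rebuilt packages that would have to ship alongside the update under stage 2.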