[CentOS-devel] FYI: centos reproduceability

Thu Apr 30 12:19:57 UTC 2009
Bogdan Costescu <Bogdan.Costescu at iwr.uni-heidelberg.de>

On Thu, 30 Apr 2009, Mike A. Harris wrote:

> I don't think the process should be continued post-final though as 
> it would churn excessive unnecessary updates to end users.

... and would make QA impossible. Red Hat does its QA on the binary 
packages that they provide and if they are happy with the result it 
doesn't matter if the package was rebuilt the day before or came out 
of a Fedora build one year ago. The whole idea of using well known 
binaries (and which go through QA and can be supported) is what keeps 
people paying to Red Hat. It's also what keeps many people downloading 
CentOS packages and not rebuilding the SRPMs themselves. If there's a 
problem they can compare with others running _the same binaries_ and 
find out if the problem comes from the binary or not; with binary 
packages built in a random order and random build environment, there 
is no possibility to talk about reproducible behaviour and makes any 
comparison meaningless.

So how do you (the OP) propose to do QA and bug tracking when each 
single package update can trigger an avalanche of other updates ?

Please note that I also find good the idea of self-hosting. It's a 
very good feeling to take the SRPM and have a binary package after 
just a 'rpmbuild -ba'. But I think that this goal has to be balanced 
with other goals to make a distribution.

-- 
Bogdan Costescu

IWR, University of Heidelberg, INF 368, D-69120 Heidelberg, Germany
Phone: +49 6221 54 8240, Fax: +49 6221 54 8850
E-mail: bogdan.costescu at iwr.uni-heidelberg.de