[CentOS-devel] FYI: centos reproduceability

Tue Apr 28 19:32:04 UTC 2009
Farkas Levente <lfarkas at lfarkas.org>

Mike A. Harris wrote:
> Les Mikesell wrote:
>> James Antill wrote:
>>>> just ot mention a few problem with 5.3:
>>>> - openjava was added to the distro so all packages which requires
>>>> java-devel now try to build with openjava in stead of gcc's java and
>>>> most of them fail.
>>>> - new updates like dbus-glib, ifd-gate, pccs etc have incompatible devel
>>>> packages eg. headers, but not all of the packages requires these new
>>>> packages was rebuild/fixed so those packages no longer build.
>>>> - newer gcc, toolchain etc (which included in later updates) have
>>>> stronger check and standard compliance but with these tools old and
>>>> buggy code no longer compile.
>>>  This is useless churn to rebuild all the packages to fix these kinds of
>>> build differences, why do you think RH's customers would want them to do
>>> that?
>> I thought _THE_ selling point of open source has always been that in 
>> case of problems the vendor can't/won't fix, you have the option to make 
>> the change yourself.  But if you can't rebuild their packages or even 
>> tell how the source relates to the shipped binary, that isn't true and 
>> shouldn't be represented as such.
> 
> It sucks that the latest sources do not compile on the OS they were 
> originally built for, but the fact is that packages get built at a 
> certain point in time against what is in the tree at that time.
> 
> Then packages continue to be updated to fix bugs, etc. and in some cases 
> maybe even add a new feature here or there.  All it takes is for one of 
> these updates to change something in such a manner that packages that 
> depend on this package will no longer compile.  It could be as simple as 
> a file being moved from one location to another, or some other innocent 
> innocuous change.
> 
> The only way to prevent that sort of thing is to have a mandatory policy 
> that whenever _any_ package is rebuilt in the distribution, that the 
> entire distribution must be rebuilt in a tree with the absolute latest 
> packages present just to ensure that all packages still compile.

no i don't think so. imho there are 2 stage:
1. rebuild every package which depend on or require the new package if
all build without error allow in the new packages otherwise don't allow
until other compilation fails.
2. same as 1. but also include all new rebuild in the updates which
changes and here some smart diff required eg. binary must be the same
some other files can differ eg. generated docs can have some 'small'
differences.

this requires a bit more build farm resource but produce a much better
and stable distro.

-- 
  Levente                               "Si vis pacem para bellum!"