On 12/11/20 10:41, Simon Matter wrote: >> On 11/12/20 4:23 AM, Sandro Bonazzola wrote: >>> >>> Il giorno mer 11 nov 2020 alle ore 15:31 Johnny Hughes >>> <johnny at centos.org <mailto:johnny at centos.org>> ha scritto: >>> >>> On 11/9/20 11:39 PM, Satish Patel wrote: >>> > Folks, >>> > >>> > Redhat has released RHEL 8.3 for the general public last week so >>> > curious when CentOS 8.3 is coming out for the public? >>> > >>> >>> As always .. it will come out when it is done. >>> >>> We have no idea how long that will take until we finish it .. them >>> we'll >>> know. >>> >>> >>> Thanks for your hard work on this. >>> Just a question on the technical side: weren't CentOS 8.3 packages >>> already built once for CentOS Stream in the past? >>> It should reduce the amount of packages to be rebuilt right? >> For most of them, yes. Some are new. Should be faster than in the past. > While we are at it, I was always wondering about reproducible builds. From > what I understand RHEL is not reproducible, otherwise most packages of > CentOS should be identical with the RedHat packages, right? Right, RHEL is not reproducible, but even if it were, nothing indicates that CentOS builds should be identical for different reasons 1) RHEL sort of accumulates builds and then dumps them for point release, so we have no way to replicate the exact environment in which the build was produced. 2) Debranding, some of our debranding might affect things > > Wouldn't it be a security improvement if RHEL builds were 100% > reproducible? Or do I miss something here? You're not missing anything, it would be a big security improvement, not enough, but still much better. > > Regards, > Simon Pablo.