[Nix-dev] Sidestepping the community builds trust issue?
Michael Raskin
7c6f434c at mail.ru
Sat Dec 26 10:25:50 CET 2015
>If web-of-trust is the best solution, and the only blocker is build
>reproducability, how about trying to classify build differences?
>
>Each of the differences will have a reason, and either we can fix the build
>to be deterministic (e.g. timestamps, build paths), or we can classify a
>class of changes as equivalent (e.g. optimalizations resulting in
>equivalent code, prelinking).
Do we want to do something about Profile Guided Optimisation, for
example? I think GCC builds itself with PGO after bootstrapping, and
I don't know what other packages use some amount of unreproducible PGO.
More information about the nix-dev
mailing list