[Bug 1508999] Re: MIR: strip-nondeterminism

Martin Pitt martin.pitt at ubuntu.com
Tue Nov 3 20:07:28 UTC 2015 

Thanks for reviewing!
https://launchpad.net/ubuntu/+source/debhelper/9.20151005ubuntu2
reintroduces the dependency, and I promoted the package.

** Changed in: strip-nondeterminism (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to strip-nondeterminism in Ubuntu.
https://bugs.launchpad.net/bugs/1508999

Title:
  MIR: strip-nondeterminism

Status in strip-nondeterminism package in Ubuntu:
  Fix Released

Bug description:
  Rationale:
  - This package is required by newer debhelper versions. In Debian it has been developed separately from the debhelper source for historical reasons, but debhelper depends on it now, and all Debian builds have run wit it since https://anonscm.debian.org/cgit/debhelper/debhelper.git/commit/?id=2a1dc83a0 (August 2015).
  - While we don't currently invest development into reproducible builds in Ubuntu, this is a highly valuable goal, and we certainly want to make use of Debian's work there.

  Security: This package is still fairly young, but the security surface
  is rather small. It only runs during package build and does things
  like removing timestamps and sorting files, it has zero
  installed/runtime effect on binaries and only these kind of
  "predictable metadata" effect on other files shipped by packages.
  Anything dh_strip_nondeterminism can potentially be exploited to do is
  much easier done with direct commands in debian/rules.

  QA:
   - Not necessary to configure; dh calls this automatically when available
   - No debconf questions
   - No major bugs in Debian/no bugs in Ubuntu; package is actively being developed and used in Debian
   - Package has tests which run during build.
   - All dependencies are already in main
   - We don't expect Ubuntu specific maintenance here, we just sync from Debian and thus get gradual improvements on package build reproducibility.
   - I subscribed the Ubuntu Foundations Team to bug reports, who will care about reviewing bugs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strip-nondeterminism/+bug/1508999/+subscriptions

More information about the foundations-bugs mailing list