Enabling the WITH_REPRODUCIBLE_BUILD knob for 12.0-REL
tech-lists
tech-lists at zyxst.net
Thu Sep 27 10:46:11 UTC 2018
On 11/09/2018 20:35, Ed Maste wrote:
> On 11 September 2018 at 07:35, Tomoaki AOKI <junchoon at dec.sakura.ne.jp> wrote:
>> I prefer releng, rather than stable, to make it default.
>> Binary releases requiring reproducible builds are built from
>> release and releng branches.
>
> This might be the reasonable long-term strategy, but we don't yet have
> experience running through the release process with it enabled. I
> would like to enable it by default on the branch, at least initially,
> to avoid discovering issues only immediately prior to the release.
Hi,
Personally I think this should (after testing on -current) be enabled
only where binary-only updates (for everything) are anticipated. Then
again, I don't run a binary-only system despite having to manage more
than 16 systems. One reason is the hardware is all different, so
different things are enabled in the kernel. The other reason is that I
can reduce a machines security overhead if only what is required is
available. This all requires source builds. So, I want to know where and
when each system was compiled. Why lose this information by default?
thanks,
--
J.
More information about the freebsd-current
mailing list