Hi Frank,

Frank B. Brokken:
> Of course I am. Could somebody please enlighten me what the problem actually
> is? This is the first time in my l-o-o-o-o-ng life that I learn about a thing
> called a `timestamp of a gzip file' and that it may cause problems.

In Debian context, it currently can cause problems for multiarch:
<http://lintian.debian.org/tags/gzip-file-is-not-multi-arch-same-safe.html>

Some people are also working on having byte-by-byte reproducible
builds [1]. This adds a way to verify that a given source produces the
same binary. When done by multiple independent people, this would give
Debian some resistance against targeted attacks on its developers.

For the latter to work, we need to eliminate any variations coming from
external factors, like timestamps.

[1] http://wiki.debian.org/ReproducibleBuilds

Hope that helps,
-- 
Lunar                                .''`. 
lu...@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
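
The timestamp effect discussed in this message, as an added example that is not part of the original mail: the gzip header (RFC 1952) stores a 4-byte MTIME at offsets 4-7, so compressing identical data at two different times gives different files. The payload, the two epoch values and the helper names `build`, `gzip_mtime` and `differing_offsets` are constructed for illustration.

```python
import gzip
import struct

GZIP_MAGIC = b"\x1f\x8b"


def gzip_mtime(blob: bytes) -> int:
    """Return the MTIME header field (RFC 1952: offsets 4-7, little-endian)."""
    if len(blob) < 10 or blob[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip member")
    return struct.unpack_from("<I", blob, 4)[0]


def differing_offsets(a: bytes, b: bytes) -> list:
    """List the byte offsets at which two equally long blobs differ."""
    if len(a) != len(b):
        raise ValueError("blobs differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def build(data: bytes, mtime: int) -> bytes:
    """Stand-in for a build step that gzips a file at a given time."""
    return gzip.compress(data, compresslevel=9, mtime=mtime)


# Constructed sample input: the same file content, "built" one day apart.
PAYLOAD = b"constructed changelog contents\n" * 20
BUILD_A = build(PAYLOAD, 1356998400)
BUILD_B = build(PAYLOAD, 1356998400 + 86400)

# Same content with the timestamp pinned to 0, which is what `gzip -n`
# achieves on the command line (it omits the name and time stamp).
PINNED_A = build(PAYLOAD, 0)
PINNED_B = build(PAYLOAD, 0)

if __name__ == "__main__":
    print("MTIME of build A:", gzip_mtime(BUILD_A))
    print("MTIME of build B:", gzip_mtime(BUILD_B))
    print("offsets that differ:", differing_offsets(BUILD_A, BUILD_B))
    print("pinned builds identical:", PINNED_A == PINNED_B)
```
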
