On Fri, 25 Nov 2016, Holger Levsen wrote: > On Thu, Nov 24, 2016 at 11:20:19PM +0100, Chris Lamb wrote: > > > Please test the attached patch. Does it pass all the reproducibility > > > testing? > > This is not actually tested in Debian's Reproducible Builds testing > > framework — I discovered it when working directly on Tails. > > to explain: we only test main, as using and or even building packages > from contrib or non-free might be problematic.
Well, FWIW, intel-microcode and amd64-microcode have been manually checked to be safe to autobuild (and tagged as such, XS-autobuild: yes). In fact, they're autobuilt in unstable. iucode-tool (a build-dep of intel-microcode) is FLOSS (GPL2+), and only in contrib because it basically exists to manipulate non-free data. It is also autobuilt. And I am its upstream. > building only specifically whitelisted packages from contrib+non-free > would be doable though. I would be happy enough if someone would check the patch in this bug report for amd64-microcode *once*. It is not like there is much churn in the build tooling of the microcode packages... > We do take patches however. (Even those with whitelists such simple as > WHITELIST_NON-FREE="package1 package2…" in the code… the hard part is > probably rather adding these extra packages/suites to the web ui…) Well, FWIW :-) WHITELIST_CONTRIB="iucode-tool" WHITELIST_NON-FREE="intel-microcode amd64-microcode" pretty please? -- Henrique Holschuh
