On 5/6/25 1:35 AM, Santiago Vila wrote:
On the contrary, in this specific instance the final outcome changed completely.- In the buildds -> the package built fine because network access was forbidden- In my archive rebuild setup -> the package failed to build because it was accessingthe network and the service was giving 500 Error.
That was a temporary error. By disabling that test, we are losing out on useful tests.
If we can't be sure if the package will build ok or not depending on external factors, then the package does not really contain the complete source code, so this is notonly a reproducibility problem but also a DFSG-compliance issue.
This is stretching the DFSG definition too much. Do we really want to interpret DFSG like this? We are testing functionality of the package that uses internet. So we should not have any tests that will confirm any features that uses internet?
Not only the .deb should always be the same, also the tests which pass or not passshould also be the same.
You are stretching DFSG here and I don't think this interpretation is actually helpful. It only adds unnecessary constraint to ourselves on our ability to test features that needs internet.
We don't need to include tests when checking reproducibility of a package. Tests serve a different purpose - making sure all functionality is working especially when dependencies change. By disabling these tests, we are reducing the quality of our packages and losing our ability to detect problems early on.
But I think I have conveyed my arguments already. If my opinion is a minority opinion not supported by others. I'd leave it here.
I'd request anyone who thinks my argument has values to reply, so I know more people share this view.>
Thanks.
OpenPGP_0x8F53E0193B294B75.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
