trinity-devel@lists.pearsoncomputing.net


Re: [trinity-devel] Embedded metadata × reproducible builds

From: "Michele Calgaro via trinity-devel" <trinity-devel@...>
Date: Thu, 12 Mar 2020 11:22:10 +0900

On 2020/03/12 01:50 AM, Slávek Banko wrote:
> Hi all,
>
> as you probably know, if tdelibs are compiled with elf editor support (WITH_ELFICON), the application icon, TDE
> information and git repository information are embedded into libraries and binaries during CMake build.
>
> This data, on the one hand, provides user convenience - better to see the application icon than the general
> binaries icon. On the other hand, they provide information to developers - for example, when reporting crashes.
>
>
> It is possible that you have also heard about the activity Reproducible builds, which seems to us as a very good
> idea. See:
>
> https://reproducible-builds.org/ https://wiki.debian.org/ReproducibleBuilds
>
>
> Currently, the metadata that are embedded have a Compilation Date/Time entry. This is set to the current date and
> time at the time of building the binary package. And this is a problem because it makes it impossible to achieve
> reproducible builds.
>
> My suggestion is that next to the ".tdescmmodule" and ".tdescmrevision" files we could have a ".tdescmdatetime"
> file containing the git commit date and/or a ".tdepackagedatetime" file containing the date the source package was
> created for distribution. For embedded metadata, this fixed time would be used instead of variable time.
>
> What is your opinion?
>
> Cheers
>

Hi Slavek,
glad that you have brought up this issue, since it is something I have experienced several times when checking the
"drop automake" PR in the last few months.
I also feel it is good to have reproducible builds. We already have the ".tdescmmodule" and ".tdescmrevision" which
contain the git commit hash the package was built from. Nevertheless we are missing the tde-packaging hash in those
files.
Rather than having too many .tdescmXXXXX files, I propose we use a single .tdegitinfo file which includes module name,
repo git hash and packaging repo hash.
I don't see any need for any date in the package once we have the git hash info.

Cheers
  Michele
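The fixed-timestamp idea quoted in this thread, sketched as an added example that is not part of the original message or of TDE's build system. It assumes that ".tdescmdatetime" holds a single line with seconds since the Unix epoch (the thread does not define a format); the function names are hypothetical, and SOURCE_DATE_EPOCH is the environment variable specified by reproducible-builds.org.

```shell
#!/bin/sh
# Added example, not TDE code: choose a fixed timestamp for embedded metadata
# instead of the wall-clock time of the build.
# Assumption: .tdescmdatetime contains one line, seconds since the Unix epoch.

# Print the epoch to embed; return 1 when no fixed, well-formed source exists.
resolve_build_epoch() {
    srcdir=$1
    # 1. SOURCE_DATE_EPOCH set by the packaging tool takes precedence.
    if [ -n "${SOURCE_DATE_EPOCH:-}" ]; then
        epoch=$SOURCE_DATE_EPOCH
    # 2. Timestamp file shipped inside the source package.
    elif [ -r "$srcdir/.tdescmdatetime" ]; then
        read -r epoch < "$srcdir/.tdescmdatetime" || true
    # 3. Commit date of HEAD when building from a git checkout.
    elif epoch=$(git -C "$srcdir" log -1 --format=%ct 2>/dev/null) &&
         [ -n "$epoch" ]; then
        :
    else
        return 1
    fi
    # Accept only a plain decimal number; never fall back to "now".
    case $epoch in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$epoch"
}

# Render the epoch in UTC so the builder's time zone cannot leak into the binary.
format_build_date() {
    date -u -d "@$1" '+%Y-%m-%d %H:%M:%S' 2>/dev/null ||  # GNU/busybox date
        date -u -r "$1" '+%Y-%m-%d %H:%M:%S'               # BSD date
}

# Demo on constructed input: a throwaway source tree with a fixed timestamp file.
demo_dir=$(mktemp -d)
echo 1583979730 > "$demo_dir/.tdescmdatetime"   # constructed sample value
if demo_epoch=$(resolve_build_epoch "$demo_dir"); then
    echo "Compilation Date/Time: $(format_build_date "$demo_epoch")"
fi
rm -rf "$demo_dir"
```

Building the same tree twice then embeds the same Compilation Date/Time string, whatever the clock or time zone of the build host.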