* roadmap item
@ 2016-09-30 12:15 ng0
2016-09-30 14:26 ` John Darrington
2016-09-30 14:51 ` Eric Bavier
0 siblings, 2 replies; 4+ messages in thread
From: ng0 @ 2016-09-30 12:15 UTC (permalink / raw)
To: guix-devel
Hi,
can we add something to the roadmap like this:
- guix package --search should displays if the returned packages one
asked for are reproducible.
Having a distinction between reproducible and not reproducible would
enable us (or at least help us) to display the progress towards a fully
reproducible system.
--
ng0
#.endofsubmission.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: roadmap item
2016-09-30 12:15 roadmap item ng0
@ 2016-09-30 14:26 ` John Darrington
2016-09-30 14:48 ` ng0
2016-09-30 14:51 ` Eric Bavier
1 sibling, 1 reply; 4+ messages in thread
From: John Darrington @ 2016-09-30 14:26 UTC (permalink / raw)
To: ng0; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1024 bytes --]
On Fri, Sep 30, 2016 at 12:15:28PM +0000, ng0 wrote:
Hi,
can we add something to the roadmap like this:
- guix package --search should displays if the returned packages one
asked for are reproducible.
Having a distinction between reproducible and not reproducible would
enable us (or at least help us) to display the progress towards a fully
reproducible system.
I don't see how anyone can say that package X is definitely reproducible.
Just because it built identically twice, doesn't mean that it'll happen
again the third time - especially if that attempt is on a different
machine, day-of-week etc
Perhaps there could be a flag to indicate "this derivation has been demonstrated
NOT to be reproducible".
J'
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: roadmap item
2016-09-30 14:26 ` John Darrington
@ 2016-09-30 14:48 ` ng0
0 siblings, 0 replies; 4+ messages in thread
From: ng0 @ 2016-09-30 14:48 UTC (permalink / raw)
To: John Darrington; +Cc: guix-devel
John Darrington <john@darrington.wattle.id.au> writes:
> [ Unknown signature status ]
> On Fri, Sep 30, 2016 at 12:15:28PM +0000, ng0 wrote:
> Hi,
>
> can we add something to the roadmap like this:
>
> - guix package --search should displays if the returned packages one
> asked for are reproducible.
>
> Having a distinction between reproducible and not reproducible would
> enable us (or at least help us) to display the progress towards a fully
> reproducible system.
>
>
> I don't see how anyone can say that package X is definitely reproducible.
> Just because it built identically twice, doesn't mean that it'll happen
> again the third time - especially if that attempt is on a different
> machine, day-of-week etc
>
> Perhaps there could be a flag to indicate "this derivation has been demonstrated
> NOT to be reproducible".
That should be more like what I wanted to express with this, the NOT
part. For more read below.
> J'
>
> --
> Avoid eavesdropping. Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3
> fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.
>
There's something I have been discussing with other people, and there's
a social component I want to add. It should be trivial at some point to
establish a system based on the social graph
(http://secushare.org/security) where people who build the software can
certify that version Z of package X at point Y in time did build N times
without changing results. Of course that's the future, and there's more
than just an idea, but it's not documented anywhere public so far.
We could of course try to establish something similar already, based on
the results of different hydras already running and building 24/7, on
different hardware, different systems and building different packages
already on different times and days of the week. The progress of
publishing these results should not be entirely automated.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: roadmap item
2016-09-30 12:15 roadmap item ng0
2016-09-30 14:26 ` John Darrington
@ 2016-09-30 14:51 ` Eric Bavier
1 sibling, 0 replies; 4+ messages in thread
From: Eric Bavier @ 2016-09-30 14:51 UTC (permalink / raw)
To: ng0; +Cc: guix-devel, Guix-devel
On 2016-09-30 07:15, ng0 wrote:
> Hi,
>
> can we add something to the roadmap like this:
>
> - guix package --search should displays if the returned packages one
> asked for are reproducible.
>
> Having a distinction between reproducible and not reproducible would
> enable us (or at least help us) to display the progress towards a fully
> reproducible system.
There are two distinctions that need to be made:
1. The package builds on a single machine with `guix build
--no-substitutes --rounds=N foo`.
2. The result of `guix challenge foo` is clean.
As noted in "Invoking 'guix challenge'", the latter requires the former,
but both would be interesting to test, catalog, and display.
--
`~Eric
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-09-30 14:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-30 12:15 roadmap item ng0
2016-09-30 14:26 ` John Darrington
2016-09-30 14:48 ` ng0
2016-09-30 14:51 ` Eric Bavier
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).