From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2FidE6ngzGKKSwEAbAwnHQ (envelope-from ) for ; Tue, 12 Jul 2022 04:47:05 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id qHKaE6ngzGJd7QAAauVa8A (envelope-from ) for ; Tue, 12 Jul 2022 04:47:05 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 051AC318E7 for ; Tue, 12 Jul 2022 04:47:03 +0200 (CEST) Received: from localhost ([::1]:60370 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oB5vS-00039Z-42 for larch@yhetil.org; Mon, 11 Jul 2022 22:47:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43054) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oB5qZ-0000qv-3H for guix-devel@gnu.org; Mon, 11 Jul 2022 22:42:02 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:35500) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oB5qX-00085H-H3 for guix-devel@gnu.org; Mon, 11 Jul 2022 22:41:58 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20]) (Authenticated sender: vagrant@aikidev.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 3C6081AC50; Mon, 11 Jul 2022 19:41:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=reproducible-builds.org; s=1.vagrant; t=1657593715; bh=8JD4RFfha4PfuSf+kdHOm/p9jlUKC43iRpk2MNEEv1g=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=mA5/Af/DTEfSG0bUGTegeKz8B4R934EX7NblY8ol96vgS7Fp2KlL2YOrmkL+Vgp6N bfq6Tyd5VbNhlmRxnN5I7aBNz42ODfsGA7k4OIpFd9j6ivlI0G4IIQcLr2xcbSOc/k nKZEhH6kZlckIomjC4JB2+evy6aqyJDoZWrTEfpEcp/EQxObj7iU+oFU/UJqg2BMOw uZ6WojRCP4X5evfKYUtL4/Ck9MnZkHP2wvy06WFDlwPaW6zf15ahIUN52SXAFOPNig aCJ5AawbldGik513+/0MphnPnFbCrbpE/r3D19QzFXmsy+bFPN2Y2GK9dvCdUk+nU/ qW93evo1n6Fxw== From: Vagrant Cascadian To: Tobias Geerinckx-Rice , =?utf-8?Q?G=C3=A1bor?= Boskovits Cc: Guix Devel , Efraim Flashner , Julien Lepiller , Felix Lechner Subject: Re: maradns reproducibility fixes and the merits of picking a random number In-Reply-To: <87lesz83bw.fsf@contorta> References: <87pmjlfdjl.fsf@contorta> <310AD876-916E-4020-A87E-5609E8166432@lepiller.eu> <87a6amgak1.fsf@contorta> <87r13grv6a.fsf@contorta> <87leth7ev6.fsf@contorta> <4BD0EAF3-DFA2-47B0-AFA0-AEAA2393F2A5@tobias.gr> <87letg21eb.fsf@contorta> <8C490441-06FA-45FE-BB0F-5E9C99DE0542@tobias.gr> <87lesz83bw.fsf@contorta> Date: Mon, 11 Jul 2022 19:41:49 -0700 Message-ID: <87ilo3832q.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=173.255.214.101; envelope-from=vagrant@reproducible-builds.org; helo=cascadia.aikidev.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1657594023; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=07lBcp71sOsEQaDWBHD/tFqAcmOz7p6xX1F26MtbIjE=; b=giqRAvYUpoRUwjeFrU8xD06dts6Zezu6o/1yS9AVg0Vdy1LAuHTnIIZnMw8Om3r12WQQCV D/Q/wtBXc5bBkPJfCEgQdphFNt5rQJ4wUsjr7iBbYPl0DE/9BdJ7VRhYv63YxBJB1ga9Iq uds9bXkqtFyOHSr7YCOV14WALuYKffNRbkwccWeS3QoXgEs+nm4HY0mWDeDDkmuKvQ62FD NGqcBugUV2tTtdf/3dcBBpeVWMyCkz2LySQRlAxUONSDfibtid0dTVTcDs/S0ObIMFwR9O 6dv49z9/x+uVuRtI45Frc8vuw/sdF+THYe9Tyu/Qb1sqvqc6S+pqpjBCsGenJQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1657594023; a=rsa-sha256; cv=none; b=NU2zn1NHKF1MpwpvGbmxJ+Y7QdQZ66vSdbsbMyZcS55AQvAFv3JZzGsd6FVbIWrYqiSTqP vlrEJbyVOr1hyCt/QvRaEwxBPjmR/sH1w428EaNYr4+qFB39bdBxpWToc7mmBYhoAP+MPf oBCB1n5BZXgT+mqGg9fs2wfDZ5HSVQw8Xo+rAF9bge9GVcAGmu1yqoncAZ1L7jB6I7GmO5 5T/s0cCnTuesHi6t4yJXD+7R8PDg8akBKrdH6J+Yn5ljL5E41mkGf0xow/YIMDxBdhV9W8 cCNkAjJIYqoen0w8mLZ64Udd9MqoKJzvb2UmW94KSvJ3tJUFRt88IyeAGl191A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=reproducible-builds.org header.s=1.vagrant header.b="mA5/Af/D"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -9.05 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=reproducible-builds.org header.s=1.vagrant header.b="mA5/Af/D"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 051AC318E7 X-Spam-Score: -9.05 X-Migadu-Scanner: scn0.migadu.com X-TUID: jR/BrKXDY3HM --=-=-= Content-Type: text/plain On 2022-07-11, Vagrant Cascadian wrote: > I hear Efraim say better to have unique randomness and no substitutes, > and I hear Tobias say more or less it's ok as long as upstream is right > about it being ok to embed a specific prime as other random numbers get > mixed in at runtime... Well, now that I hit send already, I guess another option is ... to have both? One package without patches that is not substitutable and not reproducible, and one with patches that is verifyably reproducible and substitutable? live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYszfbQAKCRDcUY/If5cW qmUMAP9C1Yk0XyefXM3FYH5fM5WDhp4dMsqoNSVj2J5irqDYawD+Lon10ibsuDIZ MXcgbtypM3SGxleWUWqp7Vtk/sjTGQE= =WkgS -----END PGP SIGNATURE----- --=-=-=--