Re: [gnu-prog-discuss] Reproducible GNU!

pspp-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnu-prog-discuss] Reproducible GNU!

From:	John Darrington
Subject:	Re: [gnu-prog-discuss] Reproducible GNU!
Date:	Wed, 16 Dec 2015 18:52:04 +0100
User-agent:	Mutt/1.5.21 (2010-09-15)

Back on the reprodicibility subject again...

We have one other issue.  In src/libpspp/version.c there
is a string called stat_version which contains a timestamp.

This is used in only three places:

1. It finds its way into generated ODF files.
2. It is part of the dump one sees when a segfault occurs.
3. It is displayed at startup in the command line interface.


I think 1. should be removed anyway, because it is a privacy issue.
It could be used to identify the computer which generated a ODF file.

I don't think that the other two instances give us much benefit.

Any objections if we remove this string altogether?

J'


On Mon, Dec 07, 2015 at 02:39:13PM -0800, Ben Pfaff wrote:
     On Sat, Dec 05, 2015 at 10:19:40PM +0100, John Darrington wrote:
     > On Fri, Dec 04, 2015 at 04:47:59PM +0100, Ludovic Court??s wrote:
     >      
     >      
     >      Reproducible builds are the technical means by which we can give 
users a
     >      chance to make sure they get the Corresponding Source, as the GPL 
calls
     >      it, for a given binary.  If a package can be rebuilt by anyone, 
yielding
     >      a bit-for-bit identical result, then users can make sure they get
     >      genuine binaries.  For more background, see:
     >      
     >        https://reproducible-builds.org/
     >      
     >      The Debian non-reproducibility issue database, which is going to be
     >      shared with other distros and interested parties, contains many
     >      examples of these:
     >      
     >        https://reproducible.debian.net/index_issues.html
     >      
     >      I invite you GNU hackers to look into it and see whether there???s
     >      something you can do to improve your package. 
     > 
     > 
     > PSPP is listed here, due to the date stamps in the pspp.pot file.  
     > 
     > What do people think?  Should we remove the date stamp, replace it with 
a something else
     > (date of the most recent commit) or what?
     
     I've never used the date stamp and I'm not sure I knew there was one in
     there.  Is it useful?  Otherwise let's just remove it.

-- 
Avoid eavesdropping.  Send strong encryted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [gnu-prog-discuss] Reproducible GNU!, John Darrington, 2015/12/05
- Re: [gnu-prog-discuss] Reproducible GNU!, Ben Pfaff, 2015/12/07
  - Re: [gnu-prog-discuss] Reproducible GNU!, John Darrington, 2015/12/08
  - Re: [gnu-prog-discuss] Reproducible GNU!, John Darrington <=
    - Re: [gnu-prog-discuss] Reproducible GNU!, Ben Pfaff, 2015/12/16

Prev by Date: Re: gtk3: Replaced PsppSheetView with GtkTreeView for the variables window
Next by Date: Re: Update
Previous by thread: Re: [gnu-prog-discuss] Reproducible GNU!
Next by thread: Re: [gnu-prog-discuss] Reproducible GNU!
Index(es):
- Date
- Thread