Date: Sun, 25 Jan 2015 16:49:56 +1100 From: Peter Jeremy <peter@rulingia.com> To: Garrett Wollman <wollman@bimajority.org> Cc: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>, freebsd-security@freebsd.org Subject: Re: Strange package checksum report Message-ID: <20150125054956.GB23253@server.rulingia.com> In-Reply-To: <21700.23803.911745.834275@hergotha.csail.mit.edu> References: <21698.32224.747971.146491@khavrinen.csail.mit.edu> <868ugrr5r3.fsf@nine.des.no> <21700.23803.911745.834275@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--7ZAtKRhVyVSsbBD2 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2015-Jan-24 22:03:23 -0500, Garrett Wollman <wollman@bimajority.org> wro= te: ><<On Sun, 25 Jan 2015 02:47:12 +0100, Dag-Erling Sm=C3=B8rgrav <des@des.no= > said: >> These are Pyhon bytecode files. They are automatically regenerated if >> you have write access to them and Python thinks they are stale when it >> tries to load them. Apparently, Python's definition of "stale" is >> slightly more complex than just comparing timestamps; they are one of >> the reasons why Baptiste gave up reproducible package builds. > >That's unfortunate. Perhaps either Python can be trained to write >updated copies somewhere else? If Python isn't going to use the .pyc files we ship (because it thinks they are out of date), we might as well not ship them. > Or maybe we can generate them >at package installation rather than shipping pregenerated versions? My feeling is that we should only distribute .py files and build the =2Epyc files at package install time. As far as I can see, this is what Ubuntu and Debian (the two Linux distros I have ready access to) do. >(Would slow down builds of dependent packages, but those are the >breaks.) It would be interesting to know how big an impact this is. --=20 Peter Jeremy --7ZAtKRhVyVSsbBD2 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJUxIQEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRUIyOTg2QzMwNjcxRTc0RTY1QzIyN0Ux NkE1OTdBMEU0QTIwQjM0AAoJEBall6Dkogs020kP/isDnEiiMRFfhJjQe9ObNERC ZySeSOjGn0G5T78ME/nb98YuHB1ieHly/RZMdD4cNKzK1YUHRPJZ2GxCZjk92+O7 lFkUOQW/Bq738QqGYdB8OhPBF1UGEN+YS1UfRtoVpONQZAVaItnDP6AASKfC7TCF k/5DNT/EMvN72UppSz5qKmA5OHjrIwEg+2jOicPdm5n+JwGwhVEIHODjkiWO33zn PRhw3ZsD4PYpENr+GAuooU8+JQ2EFZ7J4x5pm6D+T51pMEzwjLnAZEBE0B1B/WYG kD8tplUXfeEgfkLtLl32i8y4imPgw09PiC1GvBEVvianc9jFjQjXOyc3+YmF9fBZ E3gO4/vysHU1ec0MsIMrIhhxdRMZQ1U+Hb8ig8IdYhNr0ljYxN5f7hvw1iZyvHSf 4GftJIDc4U5LTSOJJKy/LuP00PdvvSBZvby9tLeLKkkpoTjV9G9X3PadjlRz1zpA Mw7FH+U319jB3e9WNBXQek8P9RU13NbcH4W+GzDrG9xV5K/Q4hZ0pCYbv7C71MFq naRoDYefJDK0qrgvsr8wvXFAUUlBisc7g62TrSfXe7RejDAxIib1S7EYeX4ESu0m KEO013F7CphUSQhwyhZFU3fB8HylIayUMCKzc2wGTGOGWNaSaA3TdGAX0fESSoS4 GR9DY0Edb2qAnQDUmf48 =F3kJ -----END PGP SIGNATURE----- --7ZAtKRhVyVSsbBD2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150125054956.GB23253>