Strange package checksum report

Peter Jeremy peter at rulingia.com
Sun Jan 25 05:50:55 UTC 2015


On 2015-Jan-24 22:03:23 -0500, Garrett Wollman <wollman at bimajority.org> wrote:
><<On Sun, 25 Jan 2015 02:47:12 +0100, Dag-Erling Smørgrav <des at des.no> said:
>> These are Python bytecode files. They are automatically regenerated if
>> you have write access to them and Python thinks they are stale when it
>> tries to load them.  Apparently, Python's definition of "stale" is
>> slightly more complex than just comparing timestamps; they are one of
>> the reasons why Baptiste gave up reproducible package builds.
>
>That's unfortunate.  Perhaps either Python can be trained to write
>updated copies somewhere else?

If Python isn't going to use the .pyc files we ship (because it thinks
they are out of date), we might as well not ship them.

> Or maybe we can generate them
>at package installation rather than shipping pregenerated versions?

My feeling is that we should only distribute .py files and build the
.pyc files at package install time.  As far as I can see, this is what
Ubuntu and Debian (the two Linux distros I have ready access to) do.

>(Would slow down builds of dependent packages, but those are the
>breaks.)

It would be interesting to know how big an impact this is.

-- 
Peter Jeremy
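
Added example, not part of the original message or of any FreeBSD tooling: a sketch of why a shipped .pyc can stop matching its recorded package checksum. It assumes the CPython 3.7+ .pyc header layout (magic, flags, source mtime, source size), which is newer than the Python versions current when this thread was written; the names `pyc_status` and `demo` are hypothetical.

```python
import hashlib
import importlib.util
import os
import py_compile
import struct
import tempfile

TIMESTAMP = py_compile.PycInvalidationMode.TIMESTAMP


def pyc_status(py_path, pyc_path):
    """Report why the import system would treat pyc_path as stale, or 'fresh'."""
    with open(pyc_path, "rb") as f:
        header = f.read(16)
    if len(header) < 16 or header[:4] != importlib.util.MAGIC_NUMBER:
        return "magic-mismatch"      # built by a different interpreter version
    flags, mtime, size = struct.unpack("<III", header[4:16])
    if flags & 0x1:
        return "hash-based"          # validated by source hash, not mtime/size
    st = os.stat(py_path)
    if mtime != int(st.st_mtime) & 0xFFFFFFFF:
        return "mtime-mismatch"
    if size != st.st_size & 0xFFFFFFFF:
        return "size-mismatch"
    return "fresh"


def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def demo():
    """Constructed scenario: ship a .pyc, touch the source, regenerate."""
    with tempfile.TemporaryDirectory() as d:
        src, pyc = os.path.join(d, "mod.py"), os.path.join(d, "mod.pyc")
        with open(src, "w") as f:
            f.write("x = 1\n")
        py_compile.compile(src, cfile=pyc, invalidation_mode=TIMESTAMP)
        shipped, before = sha256(pyc), pyc_status(src, pyc)
        st = os.stat(src)
        # Same source bytes, different mtime (e.g. set at extraction time).
        os.utime(src, (st.st_atime, st.st_mtime + 100))
        after_touch = pyc_status(src, pyc)
        # A process with write access rewrites the stale file, as on import.
        py_compile.compile(src, cfile=pyc, invalidation_mode=TIMESTAMP)
        return before, after_touch, shipped != sha256(pyc)


if __name__ == "__main__":
    print(demo())
```

The regenerated file embeds the new source mtime in its header, so its digest differs from the packaged one even though the source is byte-for-byte unchanged.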