Publish PGP signed tarball without generated content?

Corinna Vinschen vinschen at
Thu Apr 18 17:51:55 AEST 2024

On Apr 18 08:50, Simon Josefsson wrote:
> Damien Miller <djm at> writes:
> > I think we're going to check in the autoconf-generated files on the
> > release branches instead.
> Ok that may also achieve the same goal of reproducible release tarballs
> built from source code.
> With that approach, the tarball depends on which autoconf version was
> used by the release manager, and perhaps other things from the
> environment.
> Could you document how to re-generate the release tarball including
> mentioning which autoconf version that you used?

The autoconf version used to generate the files is always put in the
headers of the generated files.


More information about the openssh-unix-dev mailing list