Publish PGP signed tarball without generated content?

Corinna Vinschen vinschen at redhat.com
Thu Apr 18 17:51:55 AEST 2024


On Apr 18 08:50, Simon Josefsson wrote:
> Damien Miller <djm at mindrot.org> writes:
> 
> > I think we're going to check in the autoconf-generated files on the
> > release branches instead.
> 
> Ok that may also achieve the same goal of reproducible release tarballs
> built from source code.
> 
> With that approach, the tarball depends on which autoconf version was
> used by the release manager, and perhaps other things from the
> environment.
> 
> Could you document how to re-generate the release tarball including
> mentioning which autoconf version that you used?

The autoconf version used to generate the files is always put in the
headers of the generated files.


Corinna



More information about the openssh-unix-dev mailing list