grub-devel

Re: Deterministic grub-mkimage


From: Jonathan McCune
Subject: Re: Deterministic grub-mkimage
Date: Mon, 29 Dec 2014 11:01:20 -0800

On Mon, Dec 29, 2014 at 3:08 AM, Andrew Clausen <address@hidden> wrote:
> Hi Jonathan,
>
> On 29 December 2014 at 06:29, Jonathan McCune <address@hidden> wrote:
>>> One solution would be to:
>>>  * build deterministically by default by using a constant timestamp, and
>>
>> I think doing this by default would be a poor choice, as most of the time
>> during development it is very useful to easily identify which version /
>> build / experiment / etc is in use.
>
> I agree that during development, timestamps might be useful.  Although
> I've never found them particularly helpful myself -- they aren't as
> easy as, say, having a text file sitting in the same directory saying
> which git commit it is.  In fact, including the git commit somewhere
> in the binary would be both more helpful and deterministic.  (I am
> happy to supply a patch for this.)  Have you ever used time stamps?
>
>>>  * add a --with-timestamps option (disabled by default), which would
>>> enable honest timestamps.
>>>
>>> What do you think?  Are you accepting patches?
>>
>> The availability of a flag to explicitly set a specific timestamp for the
>> purpose of reproducing a build, seems sane to me. I don't think I would
>> enable it by default.
>
> Sorry to be stubborn on this point, but I think it's quite important.
> If most people are using deterministic builds, then it becomes much
> easier for people to audit against each other's computers.  At the
> moment, when I do audits with Grub, I have to ask my
> colleagues/friends to zero out the timestamp.  It makes the
> conversation longer, which makes me feel reluctant to inconvenience
> them.  So I end up doing a less thorough audit.  This kind of audit
> scenario arises frequently (or at least, it ought to) in work with
> NGOs, journalists, law firms, etc.
>
> Bottom line: I think there is an important social benefit to dropping
> timestamps by default.  I'm not convinced timestamps are used much by
> developers, and there are better alternatives such as git-commits.

No objection from me, though I'm not a maintainer.

-Jon
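
The audit described in this thread (zero out the timestamp, then compare images built on different machines), sketched as an added example that is not code from the thread or from GRUB. It assumes the image is a PE/COFF (EFI) file whose build time sits in the COFF TimeDateStamp field; the function names and the sample images are constructed for illustration.

```python
import hashlib
import struct

def timestamp_offset(image: bytes) -> int:
    """File offset of the COFF TimeDateStamp field of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # Signature (4) + Machine (2) + NumberOfSections (2) precede the field.
    return pe_off + 8

def normalized_digest(image: bytes) -> str:
    """SHA-256 of the image with the 4-byte build timestamp zeroed."""
    off = timestamp_offset(image)
    buf = bytearray(image)
    buf[off:off + 4] = b"\0\0\0\0"
    return hashlib.sha256(buf).hexdigest()

def compare_images(a: bytes, b: bytes) -> str:
    """Classify two builds: identical, timestamp-only, or different."""
    if a == b:
        return "identical"
    if normalized_digest(a) == normalized_digest(b):
        return "timestamp-only"
    return "different"

def make_sample(timestamp: int, payload: bytes) -> bytes:
    """Constructed sample: MZ stub, PE signature, COFF header, payload."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the stub
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0x0022)
    return bytes(dos) + b"PE\0\0" + coff + payload

if __name__ == "__main__":
    mine = make_sample(1419850880, b"core image bytes")       # constructed
    theirs = make_sample(1419879680, b"core image bytes")     # constructed
    tampered = make_sample(1419879680, b"core image bytez")   # constructed
    print(compare_images(mine, theirs))     # builds differ only in build time
    print(compare_images(mine, tampered))   # a real content difference
    print(normalized_digest(mine))          # value two auditors can exchange
```

Only the single header field is masked, so any other difference between two builds still shows up as "different".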

