Debian mandates reproducible packages in forky release
Original: Debian must ship reproducible packages
Why This Matters
Major step toward software supply chain security and build integrity
Debian release team announces requirement for reproducible packages, blocking migration of non-reproducible packages. New loong64 architecture added. Testing binNMUs now run autopkgtests for quality assurance.
The Debian release team announced a major policy change requiring all packages to be reproducible, enabled through migration software that blocks packages failing reproducibility tests. This builds on work by the Reproducible Builds project. The team also added functionality for autopkgtests on binary-only non-maintainer uploads (binNMUs) for improved quality assurance. A new architecture, loong64, was added to the archive two weeks ago, requiring rebuilds across all architectures and creating a large CI queue. The team emphasized maintainer responsibility for ensuring package migration and filing RC bugs for autopkgtest regressions in dependencies.