In the effort to have reproducible builds, it is important to have availability of all dependent packages listed in the .BUILDINFO description of a built package. Due to previous efforts within Arch Linux, we do have a daily snapshot of the repos, but this could potentially result in missing packages if they were added and then removed during the course of a single day, and thus never showed up in a snapshot. I'm happy to say that this past Friday, I have upgraded the dbscripts to automatically archive every built package as a core part of our repository release scripts. Additionally, the dbscripts will now check each package before allowing it to be uploaded, to ensure that all installed packages in the .BUILDINFO are actually available. If a package is not available then the update will be rejected. For more details, see https://git.archlinux.org/dbscripts.git/commit/?id=f11a038c43270a70eafdba34f... Of course, none of this guarantees that a package can be reproducibly built. However, it does ensure that we know exactly what input went into building the package, and paves the way for tools which utilize these dependent packages to test a package for reproducibility. Happy packaging! :) -- Eli Schwartz Bug Wrangler and Trusted User