I mean, that’s true, but that doesn’t mean that’s why Debian’s doing it.
If they were solving just that, then they would have just pushed for something like a reproducible tarball where you can point to a commit, branch, tag, etcetera from which that tarball can be reproduced and not bother migrating their package format.
Debian has a serious ease-of-packaging issue that I’ve witnessed first-hand, and I think they’ve made it clear that it’s moreso the ease factor they’re focused on that the security factor.
I mean, that’s true, but that doesn’t mean that’s why Debian’s doing it.
If they were solving just that, then they would have just pushed for something like a reproducible tarball where you can point to a commit, branch, tag, etcetera from which that tarball can be reproduced and not bother migrating their package format.
Debian has a serious ease-of-packaging issue that I’ve witnessed first-hand, and I think they’ve made it clear that it’s moreso the ease factor they’re focused on that the security factor.