In order to build packages reproducibly, you not only need identical
sources but also some external definition of the environment used for a
particular build. This definition includes the inputs and the outputs
and—in the Debian case—are available in a
It is not currently clear how these files could or should be handled in practice, hence the creation of this server to investigate.
$ gpg --output=- --clearsign my.buildinfo | curl -X PUT --max-time 30 --data-binary @- https://buildinfo.debian.net/api/submit