Hi,

I updated some notes this month:

==> libcamera <==
random: private key signatures of modules
/usr/lib64/libcamera-suse.so.3 differs in ELF section .rodata


==> librsb <==
= https://bugzilla.opensuse.org/show_bug.cgi?id=1198822 compile-time CPU-detection

==> c3p0 <==
= https://github.com/swaldman/c3p0/issues/163 date+time ; ?bug? order issues ; orphaned

order issues in /home/abuild/rpmbuild/BUILD/c3p0-0.9.5.2.src/build/codegen/com/mchange/v2/c3p0/impl/NewProxyResultSet.java

==> fdo-client <==
private keys
/usr/share/fdo-client/data/ecdsa256privkey.pem


==> golang-github-prometheus-node_exporter <==
=> https://github.com/prometheus/promu/pull/230 date+time ; with Witek

==> skaffold <==
? parallelism problem vanished for unknown reason (toolchain fix?)
/usr/bin/skaffold differs in assembler output

==> python-numcodecs <==
#=> SR 972586
#= https://bugzilla.opensuse.org/show_bug.cgi?id=1198818 CPU/AVX2

==> python-rpcq <==
stuck j1?


==> libopenraw <==
unknown: 8 random bytes in .hash section
+++ new /usr/lib64/libopenraw.so.9.0.1 (objdump)
@@ -1508,7 +1508,7 @@

==> calibre <==
CPU-dependent from Qt5 QImage scaler
/usr/share/icons/hicolor/64x64/mimetypes/text-lrs.png

==> salt <==
=> https://github.com/openSUSE/salt-packaging/pull/57


last month's status:
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/HQXX6XKNFZ2ERNXGK2QDZVZ5C4Y4SBPS/

Last months' reproducible builds project updates (including my work):
https://reproducible-builds.org/reports/2022-03/

I uploaded https://rb.zq1.de/compare.factory-20220428/ today
and rbstats are:
total-packages: 14371 (+19)
build-tried: 14362 (+22)
build-failed: 28 (+5)
build-n-a: 169 (-2)
build-succeeded: 14166 (+20)
build-official-failed+na: 73 (-8)
build-compare-failed: 508 (+13)
build-compare-succeeded: 13658 (+7)
verify-failed: 477 (+38)
verified-semi-reproducible: 12761 (-423)
bit-by-bit-identical: 13402 (+7)
not-bit-by-bit-identical: 772 (+12)
not-bit-by-bit-identicalcheck: 764 (+13)

https://rb.zq1.de/compare.factory-20220428/graph.png
shows the change over time

https://rb.zq1.de/compare.factory-20220428/unreproduciblerings.txt
lists very unreproducible core packages (bootstrap+DVD)

Of the badly unreproducible packages,
3 were in ring0
62 were in ring1

That makes it 65/3339 => 1.95 %
which is below the overall average of
508/14166 => 3.59 %

772/14166 => 5.45 % of packages are not perfectly reproducible