There might be non-security benefits of reproducible builds to *vendors*, but I don't see any benefit to users of being able to reproduce them. This is just because promising there's no backdoors makes no sense when bugdoors are just so perfect?
By "trust point" you mean the vendor wasn't malicious, but the auditor was, compromised the vendor's build server, then told the vendor it was safe? If the auditor was malicious, they can't alter the vendor's build, right? And you *need* to trust the vendor because of bugdoors.
-
Reproducible builds are fantastic. The only problem is that they're not widespread yet, and the @ReproBuilds project still hasn't finished @debian. But I've grown to appreciate the many uses of them including being a responsible sysadmin and seeing what changed in my new bin.