(my view is: As a vendor, I like reproducible builds & providing source as it (a) increases the chance that a compromised build infra will be noticed if leveraged and (b) helps me tie source code revisions to binary builds more easily)
Even worse, if you catch someone trying to embed a bugdoor, they might tell you to keep quiet for a few months... or *you* might get threatened or called "irresponsible"
Bugdoors are just perfect, I will never understand why everyone is so fixated on backdoors.
Dunno, why do you insist on having showers and then breaking AV software? :p Bugdoors are very elegant under many aspects.
but you need to compile that… how do you ensure that your build environment is clean? There's a long list of "yes, but…" which make this an almost impossible proposition and, thereby, devalue the "reproducible build" concept in my view. Some value, yes, panacea, no.
