even if you trust the vendor, reproducible builds make it easier for vendors to ship binary code without trusting their build systems.
-
One does not simply "just build the binary." It feels like most build systems are a horribly opaque mess of dependencies, magical scripts, and other garbage. This is a problem worth solving for sure but it's a significant practical hurdle IMO.
-
If you can't "just build the binary", then how are you going to verify it matches? The whole idea here is the outputs have to be bit-for-bit identical, right?
-
Because the original binary is typically signed by the vendor, and you may not be able to run it on the same platform without that signature. With a repro build, you can use the original binary and have (a degree of) certainty it matches the source. Even better are multi-sigs.
-
The threat model is: You have a platform where you can't install any software unless it's signed by the vendor, but it's open source, and you think that vendor's build server is compromised? Which platform are we talking about, this seems like a fantasy threat model, no?
