Right, but you're saying "they might be breaking the law, and if they provide a reproducible build, we can check if they're breaking the law and sue them....." so, if they are breaking the law, why would they do that?
You said "you *don't* have source code without repro builds", then you said "I have the source to the one I built". Which one of those is true?
-
-
You don't have source code to a binary someone else built without repro builds. You do have it for something you built, at least until you clobber the build environment with hidden deps.
-
Cool, so in practice you *can* have source code without reproducible builds? Then why do you need them to be bit-for-bit identical? I think you're struggling to justify a threat model that doesn't make sense.

