Honestly, this is all a large log of whataboutisms. Sure, there's bugdoors. Source code is still easier to audit for bugs than binaries. If you don't have reproducible builds, you are left with the binary alone. So, I see a benefit. Complete solution? Nothing ever is.
-
-
See the app store tweet. Also, lots of times you don't want to actually build it. You can opt to trust that someone is doing it and that forgeries will be caught (maybe not a good idea but an option).
-
I did, I explained that doesn't actually work with the app stores we have. Aren't you advocating for reproducible builds everywhere, not just in some niche fantasy threat models?
-
-
You can't use the code you built because your job isn't running a software distribution (imagine everyone had to run their own Google Play store, what a security and productivity nightmare), but to be sure you know what the software on your customer's devices does.
