One does not simply "just build the binary." It feels like most build systems are a horribly opaque mess of dependencies, magical scripts, and other garbage. This is a problem worth solving for sure but it's a significant practical hurdle IMO.
Then you can just use the binary built by the third party. I already do this, it works today. I trust Red Hat, and I use the binaries they independently produced.
I think there’s value in “multiple third parties saw the same binary.” But build reproducibility per se doesn’t guarantee that (and may not be necessary).
No, not the same problem. Think about probability of 1 system being compromised/cosmic rays. Now try to estimate the probability of m of N, for example 2 of 3 systems producing the same (malicious/broken) binary.
